On Mon, May 15, 2023 at 12:47 PM Ronald Van de Kuil
<ronald.van.de.kuil@nl.ibm.com> wrote:
>
> Openshift uses haproxy. And I have configured a passthrough route for the postgresql service.
>
> In addition, I have managed to make a tcpdump of connecting to the Postgres instance via oc-port-forward, a CLI
utilitywhich is not production grade. However, it gives me a chance to understand the postgresql handshake. There I see
aClient Hello, then a Client Hello with a change of Cypher Spec, and then the Server hallo.
>
> On this connection that was established, I see the absence of an "Extension: server_name". I see that in connections
thatare established to the console of Openshift. I would therefore like to believe that some work needs to be done on
thePostgreSQL client to send the SNI.
What version of the client are you using? I would expect the host name
extension to be set in clienthello by default - but it does require
the client libpq to be at least version 14. Maybe you have more than
one version of libpq around, and it's picking up the wrong one? (Note
that it is perfectly possible to have different versions of psql and
libpq, and you need to verify the libpq version specifically).
//Magnus
