PostgreSQL JDBC Driver project reports:
Client Allows Fallback to Insecure Authentication Despite
channelBinding=require configuration. Fix channel binding
required handling to reject non-SASL authentication Previously,
when channel binding was set to "require", the driver
would silently ignore this requirement for non-SASL
authentication methods. This could lead to a false sense of
security when channel binding was explicitly requested but not
actually enforced. The fix ensures that when channel binding is
set to "require", the driver will reject connections that use
non-SASL authentication methods or when SASL authentication has
not completed properly.