doc: warn that tls.connect() doesn't set SNI

Add a note warning users that when using tls.connect(),
the `servername` option must be set explicitely to enable
SNI, otherwise the connection could fail.

PR-URL: #33855
Fixes: #28167
Co-authored-by: Denys Otrishko <[email protected]>
Reviewed-By: Robert Nagy <[email protected]>
Reviewed-By: Denys Otrishko <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>

Author: 2 people

doc/api/tls.md

@@ -1392,6 +1392,12 @@ The `callback` function, if specified, will be added as a listener for the
 
 `tls.connect()` returns a [`tls.TLSSocket`][] object.
 
+Unlike the `https` API, `tls.connect()` does not enable the
+SNI (Server Name Indication) extension by default, which may cause some
+servers to return an incorrect certificate or reject the connection
+altogether. To enable SNI, set the `servername` option in addition
+to `host`.
+
 The following illustrates a client for the echo server example from
 [`tls.createServer()`][]: