java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.


2024-04-18 05:33 | Source: compiled from the web | Views: 265

I have a Java web app using mssql-jdbc v10.2.0.jre8 (https://mvnrepository.com/artifact/com.microsoft.sqlserver/mssql-jdbc/10.2.0.jre8) and we are occasionally seeing the following error:

java.security.cert.CertificateException: Failed to validate the server name ".xxx.yyyyyy.uksouth1-a.worker.database.windows.net"in a certificate during Secure Sockets Layer (SSL) initialization. Name in certificate ".sql.azuresynapse-dogfood.net"

I've found numerous issues from around 2017 / 2018 with (much) older versions of mssql-jdbc having this issue, but nothing reported for the version we're using.

We're using the JDBC connection string supplied by the Azure Portal,

jdbc:sqlserver://....database.windows.net:1433;database=...;user=...;password=...;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;

Which according to https://learn.microsoft.com/en-us/sql/connect/jdbc/connecting-with-ssl-encryption?view=sql-server-ver16 can cause the error we're seeing:

If the encrypt property is true and the trustServerCertificate property is false and if the server name in the connection string doesn't match the server name in the TLS certificate, the following error will be issued: The driver couldn't establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". With version 7.2 and up, the driver supports wildcard pattern matching in the left-most label of the server name in the TLS certificate.

We're reluctant to loosen the security settings recommended by Azure.

Is this a known issue and is there a recommended workaround?
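
An added illustration, not part of the original post and not mssql-jdbc code, of the name check the quoted documentation describes, applied to a connection string shaped like the one above. It assumes that hostNameInCertificate, when set, is used in place of the server name as the expected name, and it uses a simplified rule in which `*` stands for the whole left-most label only; the URLs and host names are constructed placeholders.

```python
# Added illustration; not the driver's implementation. All names are constructed.
PREFIX = "jdbc:sqlserver://"

def parse_jdbc_url(url):
    """Split a jdbc:sqlserver:// URL into the server name and its properties."""
    if not url.startswith(PREFIX):
        raise ValueError("not a jdbc:sqlserver URL")
    head, *pairs = url[len(PREFIX):].split(";")
    props = {"servername": head.split(":")[0]}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if sep:  # skips the empty piece left by a trailing ';'
            props[key.strip().lower()] = value.strip()
    return props

def expected_name(props):
    """hostNameInCertificate if set, otherwise the server name (assumption stated above)."""
    return props.get("hostnameincertificate") or props["servername"]

def name_matches(cert_name, expected):
    """Simplified rule: a '*' in the certificate covers exactly one left-most label."""
    cert = cert_name.lower().rstrip(".").split(".")
    want = expected.lower().rstrip(".").split(".")
    if len(cert) != len(want):
        return False  # a wildcard never spans several labels
    if cert[0] != "*" and cert[0] != want[0]:
        return False
    return cert[1:] == want[1:]

def validate(url, cert_name):
    """Return 'ok', 'skipped' (trustServerCertificate=true) or 'CertificateException'."""
    props = parse_jdbc_url(url)
    if props.get("trustservercertificate", "false").lower() == "true":
        return "skipped"
    return "ok" if name_matches(cert_name, expected_name(props)) else "CertificateException"

# Constructed connection strings in the shape the Azure Portal hands out.
PORTAL_URL = (PREFIX + "myserver.database.windows.net:1433;database=db;encrypt=true;"
              "trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;"
              "loginTimeout=30;")
WORKER_URL = (PREFIX + "node.tenant.uksouth1-a.worker.database.windows.net:1433;"
              "encrypt=true;trustServerCertificate=false;")

if __name__ == "__main__":
    for cert in ("*.database.windows.net", "placeholder.sql.azuresynapse-dogfood.net"):
        print(cert, "->", validate(PORTAL_URL, cert))
    print("worker name ->", validate(WORKER_URL, "*.database.windows.net"))
```

With strict settings, a certificate issued for a different domain fails the check whatever pattern is configured, and a single-label wildcard does not cover a multi-label worker host name.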


