TLS error with self-hosted database despite sslmode=disable (CLI 2.75.0)

TLS error with self-hosted database despite sslmode=disable (CLI 2.75.0) - regression of #4288

Describe the bug
I'm experiencing a TLS connection error when using supabase db push and other supabase commands with a self-hosted Supabase instance, despite specifying sslmode=disable in the connection string. This appears to be a regression of the issue reported in #4288, which was marked as resolved.

When running database commands without the --debug flag, the CLI fails with:

failed to connect to postgres: failed to connect to `host=<my database's local ip> user=supabase_admin database=postgres`: tls error (server refused TLS connection)

However, the exact same command succeeds when the --debug flag is added.

To Reproduce
Steps to reproduce the behavior:

Set up a self-hosted Supabase instance with PostgreSQL exposed directly (not through Supavisor)
Run the following command:

supabase db push --db-url "postgresql://supabase_admin:<password>@<ip>:5433/postgres?sslmode=disable"

Observe the TLS error
Run the same command with --debug:

supabase db push --db-url "postgresql://supabase_admin:password@<ip>:5433/postgres?sslmode=disable" --debug

Observe that it succeeds

Expected behavior
The command should respect the sslmode=disable parameter and connect successfully without requiring the --debug flag.

Actual Behavior

Without --debug: Fails with "tls error (server refused TLS connection)"
With --debug: Works perfectly, connects and applies migrations successfully

The CLI appears to ignore the sslmode=disable parameter unless the --debug flag is present

Screenshots
NA

System information
Rerun the failing command with --create-ticket flag.

Ticket ID: 1c217e156c264a7985ed08b5a76f06d9
Version of OS: Windows 11 Pro (Build 26220)
Version of CLI: 2.75.0 (installed with scoop)
Version of Docker: 29.1.3, build f52814d
Versions of services:

   SERVICE IMAGE          | LOCAL                  | LINKED
  ------------------------|------------------------|--------
   supabase/postgres      | 15.8.1.085             | -
   supabase/gotrue        | v2.186.0               | -
   postgrest/postgrest    | v14.3                  | -
   supabase/realtime      | v2.73.2                | -
   supabase/storage-api   | v1.35.3                | -
   supabase/edge-runtime  | v1.70.0                | -
   supabase/studio        | 2026.01.27-sha-2a37755 | -
   supabase/postgres-meta | v0.95.2                | -
   supabase/logflare      | 1.30.5                 | -
   supabase/supavisor     | 2.7.4                  | -

Additional context
Supabase commands that require Docker container seem to work with no tls errors, such as: supabase db dump --db-url "connection-string" and supabase db diff --db-url "connection-string"

Below information is true, but not likely relevant--figured out I made the ssl-on change in docker-compose.yml after the bug manifested itself.
~~UPDATE: Configuration Detail that might be relevant:~~

~~My PostgreSQL server has ssl=on (SSL enabled/available), but is configured to accept bothSSL and non-SSL connections.~~

I'm connecting from the local network without SSL using sslmode=disable in the connection string. This works perfectly with psql and Docker-based Supabase commands, confirming the server accepts non-SSL connections.

~~PostgreSQL Configuration:~~
~~- ssl = on (in postgresql.conf or docker-compose environment)~~
~~- No ssl_mode = require (allows non-SSL connections)~~

~~Network Setup:~~
~~- SSL URL exists for internet access via reverse proxy~~
~~- Local LAN connections should use non-SSL~~
~~- Connecting directly to PostgreSQL port (5433), not through proxy~~