![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 17%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 35%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELN%3C/text%3E%3C/svg%3E)
FIPS mode is described here: https://learn.microsoft.com/en-us/sql/connect/jdbc/fips-mode?view=sql-server-ver17. FIPS 140 appears be a US governments standard for cryptography.
The reason that the hostname appears in the TLS certificate is to prevent that you connect to server B when you intended to connect to server A. You would end up at server B, because someone has manipulated the DNS records. Server B may connect you to server A, so you may not notice. But the man-in-the-middle listens to the traffic and steals data. And who knows also distorts data sent in either direction.
I don't know about JDBC, but most other APIs has a connection string option Host Name in Certificate, which you can use, when you cannot connect with the name in the certificate. (For instance, the certificate has only the server name, but you need to use FQDN.)
There is also the option Trust Server Certificate, but that is definitely not secure.