Reputation: 2955
Given this connection command
psql --host=test-psql-db.xxxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=someuser --password "dbname=somedb"
I see this result
psql (9.4.1, server 9.3.5)
SSL connection (protocol: TLSv1.2, cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
somedb=>
So I have an SSL connection, but I did not supply Amazon's public key for my RDS instance. Below is the connection command I thought I needed to use to achieve SSL encryption:
psql --host=test-psql-db.xxxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=someuser --password "sslmode=verify-full sslrootcert=rds-ssl-ca-cert.pem dbname=somedb"
Which yields the same result
psql (9.4.1, server 9.3.5)
SSL connection (protocol: TLSv1.2, cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
stamp4s_test=>
So is my connection secure without the public key? I'm not sure I'm understanding the entire picture here.
Upvotes: 4
Views: 1416
Reputation: 31
Postgres server cert is always trusted by default. The connection will be encrypted, but the server identity isn't verified w/o pub key.
Postgres docs, 31.17.1. Client Verification of Server Certificates: "By default, PostgreSQL will not perform any verification of the server certificate."
Upvotes: 3
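The psql banner is identical in both sessions above because it reports only the negotiated protocol and cipher, not whether the certificate was checked. As an added example (not code from either post or from PostgreSQL), the sketch below parses a libpq connection string and reports what its effective `sslmode` guarantees; the helper names `parse_conninfo` and `audit` and the `default_root_exists` flag are hypothetical, and a file named in `sslrootcert` is assumed to exist.

```python
import re

# One libpq "keyword=value" pair; the value may be single-quoted, with \' and \\ escapes.
_PAIR = re.compile(r"\s*([a-z_]+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|((?:[^\s\\]|\\.)*))")

def parse_conninfo(conninfo):
    """Parse a libpq keyword/value connection string into a dict."""
    conninfo, params, pos = conninfo.strip(), {}, 0
    while pos < len(conninfo):
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError("cannot parse conninfo at offset %d" % pos)
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # drop escape backslashes
        pos = m.end()
    return params

def audit(conninfo, env=None, default_root_exists=False):
    """Report what the effective sslmode guarantees for this connection string.

    env stands in for the client's environment (PGSSLMODE, PGSSLROOTCERT);
    default_root_exists says whether ~/.postgresql/root.crt is present.
    """
    env = env or {}
    p = parse_conninfo(conninfo)
    mode = p.get("sslmode") or env.get("PGSSLMODE") or "prefer"  # libpq default
    has_root = "sslrootcert" in p or "PGSSLROOTCERT" in env or default_root_exists
    # Documented libpq compatibility rule: sslmode=require behaves like verify-ca
    # when a root CA file exists (assumption: a file named in sslrootcert exists).
    effective = "verify-ca" if mode == "require" and has_root else mode
    return {
        "sslmode": mode,
        "encryption_guaranteed": mode in ("require", "verify-ca", "verify-full"),
        "chain_verified": effective in ("verify-ca", "verify-full"),
        "hostname_verified": effective == "verify-full",
    }

if __name__ == "__main__":
    # Constructed inputs: the two conninfo strings from the question.
    for s in ("dbname=somedb",
              "sslmode=verify-full sslrootcert=rds-ssl-ca-cert.pem dbname=somedb"):
        print(s, "->", audit(s))
```

With the default `prefer` mode the session may be encrypted, as in the first banner, but nothing forces TLS and the server certificate is not checked; only `verify-full` ties the certificate to the host name being connected to.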