ClickHouse Client: Autodetect secure connection based on port

[cwurm]

ClickHouse Client already autodetects port 9440 if --secure is specified, but the reverse is not true. Anecdotally, I see users missing --secure every once in a while and not being able to connect because of it. The error message when that happens isn't very helpful either: Poco::Exception. Code: 1000, e.code() = 22, Invalid argument (version 24.11.1.2557 (official build)).

This change implements autodetecting --secure if the port is 9440 (the default secure port). The command-line options --secure and --no-secure still take precedence.

I've also adjusted some of the docs not to specify both --secure and --port 9440. I chose to keep the port because I think users will generally expect to specify it when connecting to a database - but I don't have a strong opinion, and we could also keep --secure.

Changelog category (leave one):

• Improvement

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Autodetect secure connection based on connecting to port 9440 in ClickHouse Client.

[robot-clickhouse-ci-1]

This is an automated comment for commit bd367f4 with description of existing statuses. It's updated for the latest CI running

✅ Click here to open a full report in a separate page

Successful checks

Check name	Description	Status
AST fuzzer	Runs randomly generated queries to catch program errors. The build type is optionally given in parenthesis. If it fails, ask a maintainer for help	✅ success
Builds	There's no description for the check yet, please add it to tests/ci/ci_config.py:CHECK_DESCRIPTIONS	✅ success
ClickBench	Runs [ClickBench](https://github.com/ClickHouse/ClickBench/) with instant-attach table	✅ success
Compatibility check	Checks that clickhouse binary runs on distributions with old libc versions. If it fails, ask a maintainer for help	✅ success
Docker keeper image	The check to build and optionally push the mentioned image to docker hub	✅ success
Docker server image	The check to build and optionally push the mentioned image to docker hub	✅ success
Docs check	Builds and tests the documentation	✅ success
Fast test	Normally this is the first check that is ran for a PR. It builds ClickHouse and runs most of stateless functional tests, omitting some. If it fails, further checks are not started until it is fixed. Look at the report to see which tests fail, then reproduce the failure locally as described here	✅ success
Flaky tests	Checks if new added or modified tests are flaky by running them repeatedly, in parallel, with more randomization. Functional tests are run 100 times with address sanitizer, and additional randomization of thread scheduling. Integration tests are run up to 10 times. If at least once a new test has failed, or was too long, this check will be red. We don't allow flaky tests, read the doc	✅ success
Install packages	Checks that the built packages are installable in a clear environment	✅ success
Integration tests	The integration tests report. In parenthesis the package type is given, and in square brackets are the optional part/total tests	✅ success
Performance Comparison	Measure changes in query performance. The performance test report is described in detail here. In square brackets are the optional part/total tests	✅ success
Stateful tests	Runs stateful functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc	✅ success
Stateless tests	Runs stateless functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc	✅ success
Stress test	Runs stateless functional tests concurrently from several clients to detect concurrency-related errors	✅ success
Style check	Runs a set of checks to keep the code style clean. If some of tests failed, see the related log from the report	✅ success
Unit tests	Runs the unit tests for different release types	✅ success
Upgrade check	Runs stress tests on server version from last release and then tries to upgrade it to the version from the PR. It checks if the new server can successfully startup without any errors, crashes or sanitizer asserts	✅ success

[alexey-milovidov]

Ok. While it would be better with a test, it is still good to merge.

[clickgapai]

Hi @cwurm @alexey-milovidov — while reviewing this PR I found the following:

• Bug (P1): Regression: port parameter dropped from enableSecureConnection() call in ConnectionParameters constructor — Regression: port parameter dropped from enableSecureConnection() call in ConnectionParameters constructor #101637

Happy to discuss — close anything that's wrong or already addressed.

[clickgapai]

Apologies for the duplicate notification — we had a race condition in our notification system where multiple processes posted simultaneously. The duplicate has been removed and we've added a strict 3-layer dedup guard (DB lock + immediate key + GitHub comment check) to ensure this cannot happen again.