diff --git a/pkg/sql/pgwire/auth_test.go b/pkg/sql/pgwire/auth_test.go
index 5a8c25fe33df..f87603c9a6d7 100644
--- a/pkg/sql/pgwire/auth_test.go
+++ b/pkg/sql/pgwire/auth_test.go
@@ -135,6 +135,7 @@ func TestAuthenticationAndHBARules(t *testing.T) {
 	skip.UnderRace(t, "takes >1min under race")
 
 	testutils.RunTrueAndFalse(t, "insecure", func(t *testing.T, insecure bool) {
+		defer leaktest.AfterTest(t)()
 		hbaRunTest(t, insecure)
 	})
 }
@@ -272,6 +273,9 @@ func hbaRunTest(t *testing.T, insecure bool) {
 				case "accept_sql_without_tls":
 					testServer.SetAcceptSQLWithoutTLS(true)
 
+				case "reject_sql_without_tls":
+					testServer.SetAcceptSQLWithoutTLS(false)
+
 				case "set_hba":
 					_, err := conn.ExecContext(context.Background(),
 						`SET CLUSTER SETTING server.host_based_authentication.configuration = $1`, td.Input)
diff --git a/pkg/sql/pgwire/testdata/auth/secure_non_tls b/pkg/sql/pgwire/testdata/auth/secure_non_tls
index 2a4e98ffc7b6..90688dae6ab1 100644
--- a/pkg/sql/pgwire/testdata/auth/secure_non_tls
+++ b/pkg/sql/pgwire/testdata/auth/secure_non_tls
@@ -71,3 +71,7 @@ local     all      all          password
 connect password=abc user=testuser sslmode=disable
 ----
 ERROR: authentication rejected by configuration (SQLSTATE 28000)
+
+# Revert enable non-TLS secure connections.
+reject_sql_without_tls
+----