It seems that haproxy and newer versions of curl have trouble with the
SNI-based switching.

If anyone would care to test on their own machine, this is what I'm doing:

This is my server's config file:
https://gist.github.com/coolaj86/2faa07aa535e6dc04639

Update /etc/hosts to point to my test server:

    66.172.33.29 foo.example.com
    66.172.33.29 bar.example.com
    66.172.33.29 baz.example.com

When I use Chrome, Firefox, or Safari on my macbook I get the expected
results.

These follow the SNI rules (they go to the 'bar' or 'baz' pages):

    https://bar.example.com:64443
    https://baz.example.com:64443

These fall through to the default (they go to the 'default' page):

    https://66.172.33.29:64443
    https://foo.example.com:64443

But when I use curl bundled with Yosemite (or from Brew) on my macbook,
it's not switching.

    curl --insecure https://bar.example.com:64443
    Default on 1443

These are the versions I'm testing with:

    curl --version
    curl 7.37.1 (x86_64-apple-darwin14.0) libcurl/7.37.1 SecureTransport zlib/1.2.5

    /usr/local/opt/curl/bin/curl --version
    curl 7.42.1 (x86_64-apple-darwin14.3.0) libcurl/7.42.1 SecureTransport zlib/1.2.5

Yet I have a node.js (io.js v2.3.1) service that switches based on SNI
which is working just fine with curl.

    # exactly what I expect (served from node.js with SNICallback)
    curl https://coolaj86.com


Also, when I use curl on either of my test servers I get the correct
results. Here are their versions:

    curl --version
    curl 7.27.0 (x86_64-pc-linux-gnu) libcurl/7.27.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 librtmp/2.3

    curl --version
    curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3


Any ideas on this one?
