> sudo tcpdump -ps0 -i eth0 -w eth0.64443.cap tcp port 64443 > > And then this on my Yosemite Mac > > curl > --insecure https://baz.example.com:64443<https://baz.example.com:64443/> > > And here's the result
The capture shows that there is now SNI emitted by the client. I think your node.js SNI tests was bogus, and that curl doesn't properly support SNI with the crypto library is SecureTransport instead of openssl, gnutls or cyassl. Try: curl https://sni.velox.ch/ -k You will see that SNI doesn't work with this client. Also see: https://mumble.org.uk/blog/2014/03/12/gpg-and-openssl-and-curl-and-osx/ Lukas
