For outgoing TLS connections, might haproxy be taught to use a reasonable default/implicit value 'sni' [1] expression/behavior that would 'first do no harm'[2], and usually be correct, in the absence of an explicit expression ? (Understood that haproxy depends on an SSL lib)
E.g.; req.hdr(host) if it is set, else server(-template) <address> (if it is cfg'd as name, not IP), else ssl_fc_sni for bridged HTTPS, else ... ? If SNI [3] is used vs. an endpoint that doesn't require/utilize it, is it always innocuous ? Are increasing demands by service providers that clients (e.g.; haproxy vs. an SSL endoint) send SNI inevitable? Or is some alternative pending? Just wondering, ...jfree [1] http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#sni [2] https://en.wikipedia.org/wiki/Primum_non_nocere https://en.wikipedia.org/wiki/Robustness_principle [3] https://en.wikipedia.org/wiki/Server_Name_Indication
