> I'm wondering if relayd supports using hostnames from SNI in TLS > connectons to proxy, but not terminate TLS.
are you looking for redirections? redirection lets you distribute load based strictly on TCP/IP characteristics (I mean this in the sense of that they don't do protocol inspection and also don't alter the contents in any way - just adding a pf(4) rule to direct traffic to one hosts) see: man -O tag=REDIRECTIONS relayd.conf
