SNI (Server Name Indication)

The SSL client can specify the domain name it is trying to reach; this is purely for the server's information.
The server uses it to pick the correct certificate when one server IP hosts multiple TLS sites.
An SSL server can host multiple domains on one IP address. SNI is a TLS extension (defined in RFC 6066) and is carried in the unencrypted ClientHello.

SSL Client                          SSL Server
        -- CLIENT HELLO -------------->
        (SNI: I want to connect to xyz.com)
                                    Retrieve cert of xyz.com from store
        <--- Server Cert(xyz.com)------
Verified cert
        <------ Key exchange begin ---->
      

Benefits of SNI

1. A proxy can apply policies that match on the domain name. If the client connects by IP address instead of sending SNI, policies cannot be looked up from the IP alone and so cannot be applied.