Reverse-proxy: Switch backend when switching from TCP to SSL


I use a client-server program (which I cannot modify) which uses a custom protocol based on TCP and encrypted using TLS.

A frontend reverse-proxy must be able to route traffic to 3 backend servers based on the SNI contained in the TLS header. So far so good, most known TCP reverse proxies can do this.

My issue: A specificity of this protocol is that the TLS handshake does not take place at the beginning of the connection but after having exchanged two unencrypted messages (always the same).

Is there a way with a reverse-proxy (Nginx, HAProxy or other) to redirect the start of the TCP connection to a default server and then switch to the correct server when TLS initializes?


There are 0 answers