From b5b3411f16adf19b5169d35c3465ae1baa68e26b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 6 Dec 2015 23:49:22 +0100
Subject: [PATCH] Fixes #1574

---
 lib/core/option.py          | 2 +-
 lib/request/httpshandler.py | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 55f56a1b0..a2804d1f5 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1897,7 +1897,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.safeReq = AttribDict()
     kb.singleLogFlags = set()
     kb.reduceTests = None
-    kb.tlsSNI = None
+    kb.tlsSNI = {}
     kb.stickyDBMS = False
     kb.stickyLevel = None
     kb.storeCrawlingChoice = None
diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index 432c190f5..5cf0613ca 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -45,12 +45,12 @@ class HTTPSConnection(httplib.HTTPSConnection):
 
         # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
         #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
-        if kb.tlsSNI != False and hasattr(ssl, "SSLContext"):
+        if kb.tlsSNI.get(self.host) != False and hasattr(ssl, "SSLContext"):
             for protocol in filter(lambda _: _ >= ssl.PROTOCOL_TLSv1, _protocols):
                 try:
                     sock = create_sock()
                     context = ssl.SSLContext(protocol)
-                    _ = context.wrap_socket(sock, do_handshake_on_connect=False, server_hostname=self.host)
+                    _ = context.wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host)
                     if _:
                         success = True
                         self.sock = _
@@ -63,8 +63,8 @@ class HTTPSConnection(httplib.HTTPSConnection):
                     self._tunnel_host = None
                     logger.debug("SSL connection error occurred ('%s')" % getSafeExString(ex))
 
-            if kb.tlsSNI is None:
-                kb.tlsSNI = success
+            if kb.tlsSNI.get(self.host) is None:
+                kb.tlsSNI[self.host] = success
 
         if not success:
             for protocol in _protocols: