diff --git a/ssl_unix.c b/ssl_unix.c
index 749f2c9..7cff2c8 100644
--- a/ssl_unix.c
+++ b/ssl_unix.c
@@ -273,6 +273,18 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 				/* create connection */
   if (!(stream->con = (SSL *) SSL_new (stream->context)))
     return "SSL connection failed";
+#if OPENSSL_VERSION_NUMBER >= 0x10200000L
+  ASN1_OCTET_STRING *ip;
+  /* support SNI if host is not an IP address */
+  /* per RFC 6066: */
+  /* Literal IPv4 and IPv6 addresses are not permitted in "HostName". */
+  /* a2i_IPADDRESS is available since OpenSSL 1.0.2 */
+  ip = a2i_IPADDRESS(host);
+  if (ip == NULL) {
+    ERR_clear_error();
+    SSL_set_tlsext_host_name(stream->con,host);
+  }
+#endif
   bio = BIO_new_socket (stream->tcpstream->tcpsi,BIO_NOCLOSE);
   SSL_set_bio (stream->con,bio,bio);
   SSL_set_connect_state (stream->con);