Re: SSL termination for private domains


Carlo Alberto Ferraris
 

Our current policy to our users is SNI by default, i.e. unless they explicitly require non-SNI TLS termination they get SNI termination. We went with this because browser support seems good[1] and because there are "easy" (albeit manual) workarounds (request a non-SNI VIP, use a CDN).

Granted, even with SNI TLS termination in gorouter we should still be able to perform TLS termination somewhere else for the few cases in which no SNI is really a requirement - but for this it's enough to not change the HTTP listener behavior.

[1]: http://caniuse.com/#feat=sni
