diff --git a/nginx_strict-sni.patch b/nginx_strict-sni.patch index 94b3855..3bee9be 100644 --- a/nginx_strict-sni.patch +++ b/nginx_strict-sni.patch @@ -1,22 +1,55 @@ diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c -index 75129134..4b4821bd 100644 +index 75129134..a41edeab 100644 --- a/src/event/ngx_event_openssl.c 
+++ b/src/event/ngx_event_openssl.c -@@ -2547,6 +2547,7 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, +@@ -1455,6 +1455,14 @@ ngx_ssl_handshake(ngx_connection_t *c) + + c->read->error = 1; + ++#if (!defined SSL_R_CALLBACK_FAILED || !defined SSL_F_FINAL_SERVER_NAME) ++ if (sslerr == SSL_ERROR_SSL) { ++ ERR_peek_error(); ++ ERR_clear_error(); ++ return NGX_ERROR; ++ } ++#endif ++ + ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed"); + + return NGX_ERROR; +@@ -1568,6 +1576,14 @@ ngx_ssl_try_early_data(ngx_connection_t *c) + + c->read->error = 1; + ++#if (!defined SSL_R_CALLBACK_FAILED || !defined SSL_F_FINAL_SERVER_NAME) ++ if (sslerr == SSL_ERROR_SSL) { ++ ERR_peek_error(); ++ ERR_clear_error(); ++ return NGX_ERROR; ++ } ++#endif ++ + ngx_ssl_connection_error(c, sslerr, err, "SSL_read_early_data() failed"); + + return NGX_ERROR; +@@ -2547,6 +2563,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, char *text) { int n; ++#if (defined SSL_R_CALLBACK_FAILED && defined SSL_F_FINAL_SERVER_NAME) + int f; ++#endif ngx_uint_t level; level = NGX_LOG_CRIT; -@@ -2583,6 +2584,18 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, +@@ -2583,6 +2602,20 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, n = ERR_GET_REASON(ERR_peek_error()); + /* Strict SNI Error Patch + * https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 + */ ++#if (defined SSL_R_CALLBACK_FAILED && defined SSL_F_FINAL_SERVER_NAME) + if (n == SSL_R_CALLBACK_FAILED) { + f = ERR_GET_FUNC(ERR_peek_error()); + if (f == SSL_F_FINAL_SERVER_NAME) { @@ -25,6 +58,7 @@ index 75129134..4b4821bd 100644 + return; + } + } ++#endif + /* handshake failures */ if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
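Review bot: The fallback added to ngx_ssl_handshake(), and repeated in ngx_ssl_try_early_data(), returns on every `sslerr == SSL_ERROR_SSL` before ngx_ssl_connection_error() is reached. On builds where SSL_R_CALLBACK_FAILED or SSL_F_FINAL_SERVER_NAME is undefined, all handshake failures therefore vanish from the error log, not only the strict-SNI rejection. That removes the records operators use to spot protocol errors, scanning or downgrade attempts, whereas the guarded branch in ngx_ssl_connection_error() suppresses only the one reason/function pair. The bare `ERR_peek_error();` discards its result and has no effect; consider keeping a low-severity record instead, e.g. `ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "SSL_do_handshake() failed");` before `return NGX_ERROR;`, which also drains the error queue. Both function bodies start and end outside the hunks shown.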