diff --git a/nginx_strict-sni.patch b/nginx_strict-sni.patch
new file mode 100644
index 0000000..fc5d715
--- /dev/null
+++ b/nginx_strict-sni.patch
@@ -0,0 +1,31 @@
+diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
+index 98cc8c7..0810526 100644
+--- a/src/http/ngx_http_request.c
++++ b/src/http/ngx_http_request.c
+@@ -849,7 +849,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
+     servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
+ 
+     if (servername == NULL) {
+-        return SSL_TLSEXT_ERR_NOACK;
++        return SSL_TLSEXT_ERR_ALERT_FATAL;
+     }
+ 
+     c = ngx_ssl_get_connection(ssl_conn);
+@@ -864,7 +864,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
+     host.len = ngx_strlen(servername);
+ 
+     if (host.len == 0) {
+-        return SSL_TLSEXT_ERR_NOACK;
++        return SSL_TLSEXT_ERR_ALERT_FATAL;
+     }
+ 
+     host.data = (u_char *) servername;
+@@ -879,7 +879,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
+                                      NULL, &cscf)
+         != NGX_OK)
+     {
+-        return SSL_TLSEXT_ERR_NOACK;
++        return SSL_TLSEXT_ERR_ALERT_FATAL;
+     }
+ 
+     hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));