Well, it is SNI. SSLLabs confirms it.
And considering each of my services use a different SSL certificate and sub-domain, all through a single NginX reverse proxy, it HAS
to be SNI (all Virtual Hosts use almost an identical configuration as that seen here
, only with different server_name and log file locations.) I have been using it this way for more than a year and a half, with Sonarr, NZBGet and Couchpotato currently, and Sabnzbd, Sickbeard, and HeadPhones in the past.
I use basic auth through NginX as my authentication mechanism (sending with user:firstname.lastname@example.org
format in the IP/Host field in NZB360's settings) with all internal authentication turned off for each service except NZBGet, I use port 443 for the Server port and check the 'Use SSL/HTTPS' check box for each as well.
It works wonderfully for me.
Edit: added ssllabs screenshot link.