diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6a90bfadb..678d2ee26 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6646,8 +6646,9 @@ http-reuse { never | safe | aggressive | always }
 - connections made with "usesrc" followed by a client-dependent value ("client", "clientip", "hdr_ip") are marked private and never shared;
- - connections sent to a server with a TLS SNI extension are marked private
- and are never shared;
+ - connections sent to a server with a variable value as TLS SNI extension
+ are marked private and are never shared. This is not the case if the SNI
+ is guaranteed to be a constant, as for example using a literal string;
 - connections with certain bogus authentication schemes (relying on the connection) like NTLM are detected, marked private and are never shared;
diff --git a/src/backend.c b/src/backend.c
index 789becee2..ba642d958 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1521,7 +1521,10 @@ int connect_server(struct stream *s)
 srv->ssl_ctx.sni, SMP_T_STR);
 if (smp_make_safe(smp)) {
 ssl_sock_set_servername(srv_conn, smp->data.u.str.area);
-conn_set_private(srv_conn);
+if (!(srv->ssl_ctx.sni->fetch->use & SMP_USE_INTRN) ||
+smp->flags & SMP_F_VOLATILE) {
+conn_set_private(srv_conn);
+}
 }
 }
#endif /* USE_OPENSSL */
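Review bot: The new condition decides shareability from the leading fetch of the SNI expression only (`srv->ssl_ctx.sni->fetch->use & SMP_USE_INTRN`) plus the volatility of the final sample, so any converter applied after that fetch is not inspected; if that is considered sufficient, the invariant deserves a comment at the new `if`, since wrongly leaving a connection shareable lets a name set for one stream be reused by another, e.g. `/* Only a constant SNI (context-free fetch, non-volatile result) may be shared; anything per-stream must stay private. */`. The second operand would also read more clearly parenthesized like the first, `(smp->flags & SMP_F_VOLATILE)`, even though `&` already binds tighter than `||`. connect_server's body starts and ends outside the hunk.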