diff --git a/src/routes/api/internal/diagnostics/tls-handshake/+server.ts b/src/routes/api/internal/diagnostics/tls-handshake/+server.ts
index e8e90764..68de94e3 100644
--- a/src/routes/api/internal/diagnostics/tls-handshake/+server.ts
+++ b/src/routes/api/internal/diagnostics/tls-handshake/+server.ts
@@ -6,6 +6,7 @@ import { errorManager } from '$lib/utils/error-manager';
 
 interface TLSHandshakeRequest {
   hostname: string;
+  servername?: string;
   port?: number;
 }
 
@@ -18,6 +19,7 @@ interface HandshakePhase {
 
 interface TLSHandshakeResponse {
   hostname: string;
+  servername?: string;
   port: number;
   success: boolean;
   totalTime: number;
@@ -38,7 +40,7 @@ interface TLSHandshakeResponse {
 export const POST: RequestHandler = async ({ request }) => {
   try {
     const body: TLSHandshakeRequest = await request.json();
-    const { hostname, port = 443 } = body;
+    const { hostname, port = 443, servername } = body;
 
     if (!hostname || typeof hostname !== 'string' || !hostname.trim()) {
       throw error(400, 'Hostname is required');
@@ -46,7 +48,7 @@ export const POST: RequestHandler = async ({ request }) => {
 
     const trimmedHostname = hostname.trim();
 
-    const result = await performTLSHandshake(trimmedHostname, port);
+    const result = await performTLSHandshake(trimmedHostname, port, servername);
     return json(result);
   } catch (err) {
     errorManager.captureException(err, 'error', { component: 'TLS Handshake API' });
@@ -57,7 +59,7 @@ export const POST: RequestHandler = async ({ request }) => {
   }
 };
 
-function performTLSHandshake(hostname: string, port: number): Promise<TLSHandshakeResponse> {
+function performTLSHandshake(hostname: string, port: number, servername?: string): Promise<TLSHandshakeResponse> {
   return new Promise((resolve, reject) => {
     const phases: HandshakePhase[] = [];
     const startTime = Date.now();
@@ -101,7 +103,7 @@ function performTLSHandshake(hostname: string, port: number): Promise<TLSHandsha
     const tlsSocket = (tls as any).connect(
       {
         socket: tcpSocket,
-        servername: hostname,
+        servername: servername || hostname,
         // SECURITY: rejectUnauthorized must be false for this TLS diagnostic tool.
         // This tool analyzes TLS handshakes including servers with certificate issues.
         rejectUnauthorized: false,
@@ -128,6 +130,7 @@ function performTLSHandshake(hostname: string, port: number): Promise<TLSHandsha
 
           const response: TLSHandshakeResponse = {
             hostname,
+            servername: servername || hostname,
             port,
             success: true,
             totalTime,
diff --git a/src/routes/api/internal/diagnostics/tls/+server.ts b/src/routes/api/internal/diagnostics/tls/+server.ts
index 867e2dbc..1521f3ed 100644
--- a/src/routes/api/internal/diagnostics/tls/+server.ts
+++ b/src/routes/api/internal/diagnostics/tls/+server.ts
@@ -41,6 +41,7 @@ interface OCSPStaplingReq extends BaseReq {
 interface CipherPresetsReq extends BaseReq {
   action: 'cipher-presets';
   hostname: string;
+  servername?: string;
   port?: number;
 }
 
@@ -388,7 +389,7 @@ async function checkOCSPStapling(hostname: string, port: number = 443): Promise<
 }
 
 // Cipher Presets test implementation
-async function testCipherPresets(hostname: string, port: number = 443): Promise<any> {
+async function testCipherPresets(hostname: string, port: number = 443, servername?: string): Promise<any> {
   // First verify the host is reachable by attempting a basic TLS connection
   try {
     await new Promise<void>((resolve, reject) => {
@@ -396,6 +397,7 @@ async function testCipherPresets(hostname: string, port: number = 443): Promise<
         {
           host: hostname,
           port,
+          servername: servername || hostname,
           // SECURITY: rejectUnauthorized must be false to test cipher presets (see above)
           rejectUnauthorized: false,
         },
@@ -874,7 +876,7 @@ export const POST: RequestHandler = async ({ request }) => {
       }
 
       case 'cipher-presets': {
-        const { hostname, port = 443 } = body as CipherPresetsReq;
+        const { hostname, port = 443, servername } = body as CipherPresetsReq;
 
         // Validate hostname
         if (!hostname || typeof hostname !== 'string' || hostname.trim() === '') {
@@ -886,8 +888,8 @@ export const POST: RequestHandler = async ({ request }) => {
           throw error(400, 'Invalid port number');
         }
 
-        const result = await testCipherPresets(hostname, port);
-        return json({ ...result, hostname, port });
+        const result = await testCipherPresets(hostname, port, servername);
+        return json({ ...result, hostname, port, servername });
       }
 
       case 'banner': {
diff --git a/src/routes/diagnostics/tls/banner/+page.svelte b/src/routes/diagnostics/tls/banner/+page.svelte
index a0c68eec..0f170fc2 100644
--- a/src/routes/diagnostics/tls/banner/+page.svelte
+++ b/src/routes/diagnostics/tls/banner/+page.svelte
@@ -7,6 +7,8 @@
 
   let host = $state('');
   let port = $state<number | null>(null);
+  let servername = $state('');
+  let useCustomServername = $state(false);
   let service = $state('custom');
 
   const diagnosticState = useDiagnosticState<any>();
@@ -79,6 +81,7 @@
         body: JSON.stringify({
           action: 'banner',
           host: host.trim(),
+          servername: useCustomServername && servername ? servername.trim() : undefined,
           port: port,
         }),
       });
@@ -210,15 +213,45 @@
         </div>
       </div>
 
-      <button onclick={grabBanner} disabled={diagnosticState.loading || !isInputValid} class="primary">
-        {#if diagnosticState.loading}
-          <Icon name="loader" size="sm" animate="spin" />
-          Connecting...
-        {:else}
-          <Icon name="terminal" size="sm" />
-          Grab Banner
-        {/if}
-      </button>
+      <div class="form-row">
+        <div class="form-group">
+          <label class="checkbox-group">
+            <input
+              type="checkbox"
+              bind:checked={useCustomServername}
+              onchange={() => {
+                examples.clear();
+                if (isInputValid()) grabBanner();
+              }}
+            />
+            Use custom SNI servername
+          </label>
+          {#if useCustomServername}
+            <input
+              type="text"
+              bind:value={servername}
+              placeholder="example.com"
+              use:tooltip={'Custom servername for SNI (Server Name Indication)'}
+              onchange={() => {
+                examples.clear();
+                if (isInputValid()) grabBanner();
+              }}
+            />
+          {/if}
+        </div>
+      </div>
+
+      <div class="action-section">
+        <button onclick={grabBanner} disabled={diagnosticState.loading || !isInputValid} class="primary">
+          {#if diagnosticState.loading}
+            <Icon name="loader" size="sm" animate="spin" />
+            Connecting...
+          {:else}
+            <Icon name="terminal" size="sm" />
+            Grab Banner
+          {/if}
+        </button>
+      </div>
     </div>
   </div>
 
diff --git a/src/routes/diagnostics/tls/cipher-presets/+page.svelte b/src/routes/diagnostics/tls/cipher-presets/+page.svelte
index 2cb1e4e6..e74bcc33 100644
--- a/src/routes/diagnostics/tls/cipher-presets/+page.svelte
+++ b/src/routes/diagnostics/tls/cipher-presets/+page.svelte
@@ -7,6 +7,8 @@
 
   let hostname = $state('example.com');
   let port = $state('443');
+  let servername = $state('');
+  let useCustomServername = $state(false);
   const diagnosticState = useDiagnosticState<any>();
   const examplesList = [
     { host: 'github.com', port: '443', description: 'GitHub cipher support' },
@@ -14,6 +16,17 @@
     { host: 'google.com', port: '443', description: 'Google cipher support' },
   ];
   const examples = useExamples(examplesList);
+  
+  // Reactive validation
+  const isInputValid = $derived(() => {
+    const trimmedHost = host.trim();
+    if (!trimmedHost) return false;
+    if (port === null || port < 1 || port > 65535) return false;
+    // Basic hostname/IP validation
+    const hostPattern =
+      /^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$|^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$|^\[?[a-fA-F0-9:]+\]?$/;
+    return hostPattern.test(trimmedHost);
+  });
 
   async function testCiphers() {
     if (!hostname?.trim()) {
@@ -30,6 +43,7 @@
         body: JSON.stringify({
           action: 'cipher-presets',
           hostname: hostname.trim().toLowerCase(),
+          servername: useCustomServername && servername ? servername.trim() : undefined,
           port: parseInt(port) || 443,
         }),
       });
@@ -94,40 +108,73 @@
       <h3>Cipher Presets Configuration</h3>
     </div>
     <div class="card-content">
-      <div class="form-group">
-        <label for="hostname">Hostname and Port</label>
-        <div class="input-flex-container">
-          <input
-            id="hostname"
-            type="text"
-            bind:value={hostname}
-            placeholder="example.com"
-            disabled={diagnosticState.loading}
-            onchange={() => examples.clear()}
-            onkeydown={(e) => e.key === 'Enter' && testCiphers()}
-            class="flex-grow"
-          />
-          <input
-            id="port"
-            type="text"
-            bind:value={port}
-            placeholder="443"
-            disabled={diagnosticState.loading}
-            onchange={() => examples.clear()}
-            onkeydown={(e) => e.key === 'Enter' && testCiphers()}
-            class="port-input"
-          />
-          <button onclick={testCiphers} disabled={diagnosticState.loading} class="primary">
-            {#if diagnosticState.loading}
-              <Icon name="loader" size="sm" animate="spin" />
-              Testing...
-            {:else}
-              <Icon name="search" size="sm" />
-              Test
-            {/if}
-          </button>
+      <div class="form-row">
+        <div class="form-group">
+          <label for="hostname">Hostname and Port</label>
+          <div class="input-flex-container">
+            <input
+              id="hostname"
+              type="text"
+              bind:value={hostname}
+              placeholder="example.com"
+              disabled={diagnosticState.loading}
+              onchange={() => examples.clear()}
+              onkeydown={(e) => e.key === 'Enter' && testCiphers()}
+              class="flex-grow"
+            />
+            <input
+              id="port"
+              type="text"
+              bind:value={port}
+              placeholder="443"
+              disabled={diagnosticState.loading}
+              onchange={() => examples.clear()}
+              onkeydown={(e) => e.key === 'Enter' && testCiphers()}
+              class="port-input"
+            />
+          </div>
+        </div>
+      </div>
+
+      <div class="form-row">
+        <div class="form-group">
+          <label class="checkbox-group">
+            <input
+              type="checkbox"
+              bind:checked={useCustomServername}
+              onchange={() => {
+                examples.clear();
+                if (isInputValid()) testCiphers();
+              }}
+            />
+            Use custom SNI servername
+          </label>
+          {#if useCustomServername}
+            <input
+              type="text"
+              bind:value={servername}
+              placeholder="example.com"
+              use:tooltip={'Custom servername for SNI (Server Name Indication)'}
+              onchange={() => {
+                examples.clear();
+                if (isInputValid()) testCiphers();
+              }}
+            />
+          {/if}
         </div>
       </div>
+
+      <div class="action-section">
+        <button onclick={testCiphers} disabled={diagnosticState.loading || !isInputValid} class="primary">
+          {#if diagnosticState.loading}
+            <Icon name="loader" size="sm" animate="spin" />
+            Testing...
+          {:else}
+            <Icon name="search" size="sm" />
+            Test
+          {/if}
+        </button>
+      </div>
     </div>
   </div>
 
diff --git a/src/routes/diagnostics/tls/handshake-analyzer/+page.svelte b/src/routes/diagnostics/tls/handshake-analyzer/+page.svelte
index f8d93094..04935900 100644
--- a/src/routes/diagnostics/tls/handshake-analyzer/+page.svelte
+++ b/src/routes/diagnostics/tls/handshake-analyzer/+page.svelte
@@ -34,6 +34,8 @@
 
   let hostname = $state('google.com');
   let port = $state(443);
+  let servername = $state('');
+  let useCustomServername = $state(false);
   const diagnosticState = useDiagnosticState<TLSHandshakeResponse>();
   const clipboard = useClipboard();
   const examplesList = [
@@ -45,6 +47,17 @@
     { hostname: 'zoom.us', port: 443, description: 'Zoom' },
   ];
   const examples = useExamples(examplesList);
+  
+  // Reactive validation
+  const isInputValid = $derived(() => {
+    const trimmedHost = host.trim();
+    if (!trimmedHost) return false;
+    if (port === null || port < 1 || port > 65535) return false;
+    // Basic hostname/IP validation
+    const hostPattern =
+      /^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$|^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$|^\[?[a-fA-F0-9:]+\]?$/;
+    return hostPattern.test(trimmedHost);
+  });
 
   async function analyzeHandshake() {
     diagnosticState.startOperation();
@@ -53,7 +66,11 @@
       const response = await fetch('/api/internal/diagnostics/tls-handshake', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ hostname: hostname.trim(), port }),
+        body: JSON.stringify({
+          hostname: hostname.trim(), 
+          port,
+          servername: useCustomServername && servername ? servername.trim() : undefined
+        }),
       });
 
       if (!response.ok) {
@@ -124,8 +141,8 @@
       <h3>Handshake Analysis</h3>
     </div>
     <div class="card-content">
-      <div class="lookup-form">
-        <div class="input-row">
+      <div class="form-row">
+        <div class="form-group">
           <label for="hostname"> Hostname </label>
           <input
             id="hostname"
@@ -142,6 +159,37 @@
           <label for="port"> Port </label>
           <input id="port" type="number" bind:value={port} placeholder="443" min="1" max="65535" />
         </div>
+      </div>
+
+      <div class="form-row">
+        <div class="form-group">
+          <label class="checkbox-group">
+            <input
+              type="checkbox"
+              bind:checked={useCustomServername}
+              onchange={() => {
+                examples.clear();
+                if (isInputValid()) analyzeHandshake();
+              }}
+            />
+            Use custom SNI servername
+          </label>
+          {#if useCustomServername}
+            <input
+              type="text"
+              bind:value={servername}
+              placeholder="example.com"
+              use:tooltip={'Custom servername for SNI (Server Name Indication)'}
+              onchange={() => {
+                examples.clear();
+                if (isInputValid()) analyzeHandshake();
+              }}
+            />
+          {/if}
+        </div>
+      </div>
+
+      <div class="action-section">
         <button class="lookup-btn" onclick={analyzeHandshake} disabled={diagnosticState.loading || !hostname.trim()}>
           {#if diagnosticState.loading}
             <Icon name="loader" size="sm" animate="spin" />
@@ -342,35 +390,6 @@
 </div>
 
 <style lang="scss">
-  .lookup-form {
-    display: flex;
-    gap: var(--spacing-md);
-    align-items: flex-end;
-
-    label {
-      display: block;
-      margin-bottom: var(--spacing-sm);
-      color: var(--text-primary);
-      font-weight: 500;
-    }
-
-    @media (max-width: 768px) {
-      flex-direction: column;
-      align-items: stretch;
-    }
-  }
-
-  .input-row {
-    flex: 1;
-    display: flex;
-    flex-direction: column;
-    min-width: 0;
-
-    input {
-      width: 100%;
-    }
-  }
-
   .port-row {
     display: flex;
     flex-direction: column;