
When enabledProtocols are empty, use the proper default client protocols #991

Closed
@ghost

Description

In both 1.9.x and master (haven't checked 1.8.x) the SSLEngineFactory has this bit of code:

    SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort);
    if (!config.isAcceptAnyCertificate()) {
        // Parameters are read and written while the engine is still in its
        // initial (server) mode; client mode is only switched on afterwards.
        SSLParameters params = sslEngine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        sslEngine.setSSLParameters(params);
    }
    sslEngine.setUseClientMode(true);

Unfortunately running setSSLParameters before setUseClientMode prevents SSLEngine from replacing the default server-mode protocols with the default client-mode protocols.

This means that the default SSL Client Hello used is SSLv2Hello, as opposed to SSLv3, which does not play nicely with SNI.

The fix is to merely move the "setUseClientMode" line above the "setSSLParameters".
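To see the ordering effect the issue describes on your own JDK, the following stand-alone Java program (an added example, not code from this issue or from the AsyncHttpClient project) builds one SSLEngine with each ordering and prints what each reports. It makes no network connection; the host name `example.invalid` and port 443 are placeholders chosen for the example, and `SSLContext.getDefault()` stands in for the project's configured context. Which protocol lists come out, and whether they differ at all, depends on the JDK version you run it on, which is exactly why it is worth checking rather than assuming.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class SslEngineOrderCheck {

    // Ordering from the issue: parameters are fetched and applied while the
    // engine is still in its initial (server) mode, then client mode is set.
    static SSLEngine paramsThenClientMode(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        engine.setUseClientMode(true);
        return engine;
    }

    // Ordering the issue proposes: switch to client mode first, then read
    // and modify the parameters the engine reports in that mode.
    static SSLEngine clientModeThenParams(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // True when both orderings end up with the same enabled protocol list on
    // this JDK; false means the ordering matters here and the fix is needed.
    static boolean orderingIsHarmless(SSLContext ctx, String host, int port) {
        String[] buggy = paramsThenClientMode(ctx, host, port).getEnabledProtocols();
        String[] fixed = clientModeThenParams(ctx, host, port).getEnabledProtocols();
        Arrays.sort(buggy);
        Arrays.sort(fixed);
        return Arrays.equals(buggy, fixed);
    }

    static void describe(String label, SSLEngine engine) {
        System.out.println(label);
        System.out.println("  client mode       : " + engine.getUseClientMode());
        System.out.println("  enabled protocols : " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("  endpoint id algo  : "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        // Placeholder peer; createSSLEngine(host, port) does not connect,
        // the values only seed the engine (and the SNI hint).
        String host = "example.invalid";
        int port = 443;

        describe("params before setUseClientMode (issue's ordering):",
                paramsThenClientMode(ctx, host, port));
        describe("setUseClientMode before params (proposed fix):",
                clientModeThenParams(ctx, host, port));
        System.out.println("ordering harmless on this JDK: " + orderingIsHarmless(ctx, host, port));
    }
}
```

Both orderings keep the "HTTPS" endpoint identification algorithm, so host name verification is not what the reordering changes; the thing to compare is the enabled protocol list, and the fixed ordering is the safe one regardless of what a particular JDK prints, because it never applies parameters captured from the wrong mode.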
