I read you mentioned firefox. I had a similar experience a while ago, related to this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1704774#c13

The nginx documentation for the ssl preread module has an almost identical example.

I am running a similar setup to yours. The issue is that only one server block can listen to an address+port pair. You ought to do something like this:

map $ssl_preread_server_name $proxy_backend_router {
        serviceA.example.com    upstreamA:12346;
        serviceB.example.com    upstreamB:12346;
        default $ssl_preread_server_name.invalid_proxy:443;
}


server {
        listen 443;
        ssl_preread on;
        proxy_pass $proxy_backend_router;
}

What you should be asking is whether the cables qre the bottleneck in your network or not.

Is there any link that is not negotiating 1Gbps? Do you have devices that could push 10Gbps but the cable is not allowing it? If not, then there’s no need to upgrade them.

Unless, of course, if you want to do it just for fun, which is also a legitimate reason 😄