diff --git a/CHANGELOG b/CHANGELOG
index 656c817df..602b43677 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [GH#708][NSE] TLS SNI now works correctly for NSE HTTP requests initiated
+  with option any_af. As an added benefit, option any_af is now available for
+  all connections via comm.lua, not just HTTP requests. [nnposter]
+
 o [NSE][GH#713] New script impress-remote-discover attempts to pair with the
   LibreOffice Impress presentation remote service and extract version info.
   Pairing is PIN-protected, and the script can optionally brute-force the PIN.
diff --git a/nselib/comm.lua b/nselib/comm.lua
index 11601d6b2..a3178ebb9 100644
--- a/nselib/comm.lua
+++ b/nselib/comm.lua
@@ -14,6 +14,7 @@
 -- * <code>connect_timeout</code> - socket timeout for connection. Default: same as <code>stdnse.get_timeout</code>
 -- * <code>request_timeout</code> - additional socket timeout for requests. This is added to the connect_timeout to get a total time for a request to receive a response. Default: 6000ms
 -- * <code>recv_before</code> - boolean, receive data before sending first payload
+-- * <code>any_af</code> - boolean, allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names.
 --
 -- If both <code>"bytes"</code> and <code>"lines"</code> are provided,
 -- <code>"lines"</code> takes precedence. If neither are given, the functions
@@ -64,6 +65,13 @@ local setup_connect = function(host, port, opts)
 
   sock:set_timeout(connect_timeout)
 
+  if type(host) == "string" and opts.any_af then
+    local status, addrs = nmap.resolve(host)
+    if status then
+      host = {ip = addrs[1], targetname = host}
+    end
+  end
+
   local status, err = sock:connect(host, port, opts.proto)
 
   if not status then
diff --git a/nselib/http.lua b/nselib/http.lua
index b7167f7af..e3eb4998f 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -72,7 +72,7 @@
 -- * <code>bypass_cache</code>: Do not perform a lookup in the local HTTP cache.
 -- * <code>no_cache</code>: Do not save the result of this request to the local HTTP cache.
 -- * <code>no_cache_body</code>: Do not save the body of the response to the local HTTP cache.
--- * <code>any_af</code>: Allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names.
+-- * <code>any_af</code>: Allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names. (This option is a straight pass-thru to <code>comm.lua</code> functions.)
 -- * <code>redirect_ok</code>: Closure that overrides the default redirect_ok used to validate whether to follow HTTP redirects or not. False, if no HTTP redirects should be followed. Alternatively, a number may be passed to change the number of redirects to follow.
 --   The following example shows how to write a custom closure that follows 5 consecutive redirects, without the safety checks in the default redirect_ok:
 --   <code>
@@ -1192,12 +1192,7 @@ local function request(host, port, data, options)
 
   method = string.match(data, "^(%S+)")
 
-  if type(host) == "string" and options.any_af then
-    local status, addrs = nmap.resolve(host)
-    host = addrs[1] or host
-  end
-
-  local socket, partial, opts = comm.tryssl(host, port, data, { timeout = options.timeout })
+  local socket, partial, opts = comm.tryssl(host, port, data, {timeout = options.timeout, any_af = options.any_af})
 
   if not socket then
     stdnse.debug1("http.request socket error: %s", partial)