doing other tests and put some log point, i've seen that no-SNI capable browser in this statement:
if { ([TCP::payload length] >= $record_offset) }
the tcp-payload length and record_offset are always the same number, so when there is this statement "binary scan [TCP::payload] @${record_offset}S tls_extenlen", the variable $tls_extenlen will not be created and so the TCL script break the execution
i've modified the statement like this "([TCP::payload length] > $record_offset)", and this seems to solve the issue. The no-SNI capable browser can access the VIP (with ssl warning about certification), and also the SNI capable can access
I don't know if it the right solution, but seems to work.. may be someone can indicate another way to make it work ^_^