I was trying something very similar but path based ssl handshake. So far what I read is it is not possible with HAProxy. In this example, we have to use tcp mode. But in order to check the path, we need http mode.
frontend https-switch
bind *:8888
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
acl auth_request path_end -i /auth # this will always return false
use_backend recir_clientcertenabled if auth_request
default_backend recir_default