Yes, if the certificates matches both hostnames (for example due to a wildcart certificate or multiple SAN’s), the browser will use the same TLS session for both hostnames. This is an important thing to keep in mind, when using SNI to route between backends.
If cloud.domain.com.au and support.domain.com.au are never requested from the same browser/client, this issue may not present itself. But if it is, its likely request will be routed to the wrong backend.
Indeed, terminating TLS on haproxy and using the Host header to route the traffic to the correct backend is what fixes this issue, regardless of the certificate.