Re: TCP/IP vs. HTTP(S)
And if TLS is in the picture, there may be SNI as well, further confusing the issue. The SNI name is usually the same as the Host header value, for HTTPS, less the optional port suffix; but it doesn't have to be.
The application (e.g. browser) has to tell the TLS layer what SNI name to use. Some TLS APIs may not provide a way to do this separately from the target FQDN (or bare hostname or address) supplied by the user - that is, the TLS API may combine the DNS lookup, SNI configuration, and connection into a single call. That would force the application to use a "correct" name (i.e. one the server recognizes for SNI purposes) in your step 1, in order to get the correct server certificate to perform destination validation.
For that matter, if TLS and PKIX are involved, the application has to match some user-provided string against the SANs in the server certificate. Normally that comes from your step 1.
With other TLS APIs SNI, DNS, connection, and server-certificate SAN matching are separate. You can set SNI and server name explicitly using the s_client command of the openssl utility, for example. I'm not aware of a popular browser which gives you that level of control, but, hey, they're mostly open-source.