diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index 4f939440c..1ee13bae1 100644
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -16,6 +16,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -28,6 +29,9 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
 SSL_set_SSL_CTX(ssl, ctx);
+#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
+ quic_ssl_set_tls_cbs(ssl);
+#endif
 }
 /*
diff --git a/src/ssl_gencert.c b/src/ssl_gencert.c
index 551331644..375eb4883 100644
--- a/src/ssl_gencert.c
+++ b/src/ssl_gencert.c
@@ -12,6 +12,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -284,8 +285,12 @@ SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind
 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_ckch->cert, 0);
 if (lru && lru->domain) {
- if (ssl)
+ if (ssl) {
 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
+#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
+ quic_ssl_set_tls_cbs(ssl);
+#endif
+ }
 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
 return (SSL_CTX *)lru->data;
 }
@@ -354,12 +359,18 @@ int ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind
 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
 }
 SSL_set_SSL_CTX(ssl, ssl_ctx);
+#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
+ quic_ssl_set_tls_cbs(ssl);
+#endif
 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
 return 1;
 }
 else {
 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
 SSL_set_SSL_CTX(ssl, ssl_ctx);
+#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
+ quic_ssl_set_tls_cbs(ssl);
+#endif
 /* No LRU cache, this CTX will be released as soon as the session dies */
 SSL_CTX_free(ssl_ctx);
 return 1;
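Review bot: In ssl_sock_switchctx_set() the added `quic_ssl_set_tls_cbs(ssl);` runs for every SSL object that switches context, and nothing visible in the hunk restricts it to QUIC connections. The guard is compile-time only (`USE_QUIC` and `HAVE_OPENSSL_QUIC`), so a QUIC-enabled build presumably takes this path for TLS-over-TCP handshakes as well; if the callee does not return early for non-QUIC SSL objects, those handshakes could be affected. Either confirm that behaviour and record it next to the call, e.g. `/* re-install the QUIC TLS callbacks after the context switch; must be a no-op for non-QUIC SSL */`, or add a runtime check before the call. The same applies to the calls added in ssl_sock_assign_generated_cert() and ssl_sock_generate_certificate() in src/ssl_gencert.c.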
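Review bot: The `#if`/`quic_ssl_set_tls_cbs(ssl)`/`#endif` block added in ssl_sock_assign_generated_cert() is the second of four identical copies in this commit, each placed by hand after an SSL_set_SSL_CTX() call. A later SSL_set_SSL_CTX() call site that omits the block would compile cleanly and lose the callbacks without any error, which is hard to spot in review. A single wrapper in a header shared by both files keeps the pairing in one place; the helper name below is only a suggestion. The function's start and end lie outside the hunk.

```c
/* Switch <ssl> to <ctx> and re-install the QUIC TLS callbacks where built in. */
static inline void ssl_sock_set_ssl_ctx(SSL *ssl, SSL_CTX *ctx)
{
	SSL_set_SSL_CTX(ssl, ctx);
#if defined(USE_QUIC) && defined(HAVE_OPENSSL_QUIC)
	quic_ssl_set_tls_cbs(ssl);
#endif
}

/* … unchanged: LRU lookup under SSL_GEN_CERTS_LOCK … */
	if (ssl)
		ssl_sock_set_ssl_ctx(ssl, (SSL_CTX *)lru->data);
```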
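Review bot: In the `else` branch of ssl_sock_generate_certificate() the result of ssl_sock_do_create_cert() goes to SSL_set_SSL_CTX() and then to the new quic_ssl_set_tls_cbs() call without a NULL check, and the function still returns 1. The missing check predates this commit, but the added call now also runs on an SSL whose context switch may not have taken effect. If certificate generation can fail here, reject it before the switch, e.g. `if (!ssl_ctx) return 0;`, assuming 0 is the failure value callers expect. The function's start and its callers are outside the hunk, so that return convention needs confirming.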