diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index f04317ae9..ce66cdfa1 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -54,7 +54,9 @@ const char *ssl_sock_get_sni(struct connection *conn);
 const char *ssl_sock_get_cert_sig(struct connection *conn);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
+void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int);
 void ssl_sock_set_servername(struct connection *conn, const char *hostname);
+
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn,
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b6db4c575..d45e3e27b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6102,6 +6102,13 @@ ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
 	return 1;
 }
 
+void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
+{
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+	SSL_set_alpn_protos(conn->xprt_ctx, alpn, len);
+#endif
+}
+
 /* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
  * to disable SNI.
  */