diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5ac81d36a..f866bfd08 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6350,6 +6350,40 @@ static int ssl_check_async_engine_count(void) {
 }
 #endif
 
+/* "show fd" helper to dump ssl internals. Warning: the output buffer is often
+ * the common trash!
+ */
+static void ssl_sock_show_fd(struct buffer *buf, const struct connection *conn, const void *ctx)
+{
+	const struct ssl_sock_ctx *sctx = ctx;
+
+	if (!sctx)
+		return;
+
+	if (sctx->conn != conn)
+		chunk_appendf(&trash, " xctx.conn=%p(BOGUS!)", sctx->conn);
+	chunk_appendf(&trash, " xctx.st=%d", sctx->xprt_st);
+
+	if (sctx->xprt) {
+		chunk_appendf(&trash, " .xprt=%s", sctx->xprt->name);
+		if (sctx->xprt_ctx)
+			chunk_appendf(&trash, " .xctx=%p", sctx->xprt_ctx);
+	}
+
+	chunk_appendf(&trash, " .wait.ev=%d", sctx->wait_event.events);
+	chunk_appendf(&trash, " .subs=%p", sctx->subs);
+	if (sctx->subs) {
+		chunk_appendf(&trash, "(ev=%d tl=%p", sctx->subs->events, sctx->subs->tasklet);
+		chunk_appendf(&trash, " tl.calls=%d tl.ctx=%p tl.fct=",
+			      sctx->subs->tasklet->calls,
+			      sctx->subs->tasklet->context);
+		resolve_sym_name(&trash, NULL, sctx->subs->tasklet->process);
+		chunk_appendf(&trash, ")");
+	}
+	chunk_appendf(&trash, " .sent_early=%d", sctx->sent_early_data);
+	chunk_appendf(&trash, " .early_in=%d", (int)sctx->early_buf.data);
+}
+
 #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
 /* This function is used with TLS ticket keys management. It permits to browse
  * each reference. The variable <ref> must point to the current node's list
@@ -6633,6 +6667,7 @@ struct xprt_ops ssl_sock = {
 	.get_alpn = ssl_sock_get_alpn,
 	.takeover = ssl_takeover,
 	.name     = "SSL",
+	.show_fd  = ssl_sock_show_fd,
 };
 
 enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,