diff -uprN haproxy-1.5-dev22/src/ssl_sock.c haproxy-1.5-dev22-tlsunique/src/ssl_sock.c
--- haproxy-1.5-dev22/src/ssl_sock.c	2014-02-02 18:41:29.000000000 -0500
+++ haproxy-1.5-dev22-tlsunique/src/ssl_sock.c	2014-04-07 12:15:41.431777536 -0400
@@ -45,6 +45,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 
+#include <common/base64.h>
 #include <common/buffer.h>
 #include <common/compat.h>
 #include <common/config.h>
@@ -2785,6 +2786,55 @@ smp_fetch_ssl_fc_sni(struct proxy *px, s
 #endif
 }
 
+static int
+smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
+                          const struct arg *args, struct sample *smp, const char *kw)
+{
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
+	struct connection *conn;
+	int finished_len;
+	int b64_len;
+	struct chunk *finished_trash;
+	struct chunk *smp_trash;
+
+	smp->flags = 0;
+
+	if (!l4)
+	        return 0;
+
+	conn = objt_conn(l4->si[0].end);
+	if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
+		return 0;
+
+	if (!(conn->flags & CO_FL_CONNECTED)) {
+		smp->flags |= SMP_F_MAY_CHANGE;
+		return 0;
+	}
+
+	finished_trash = get_trash_chunk();
+	if (!SSL_session_reused(conn->xprt_ctx))
+		finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
+	else
+		finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
+
+	if (!finished_len)
+		return 0;
+
+	smp_trash = get_trash_chunk();
+	b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size);
+	if (b64_len < 0)
+		return 0;
+
+	smp->data.str.str = smp_trash->str;
+	smp->type = SMP_T_CSTR;
+	smp->data.str.len = b64_len;
+
+	return 1;
+#else
+	return 0;
+#endif
+}
+
 /* integer, returns the first verify error in CA chain of client certificate chain. */
 static int
 smp_fetch_ssl_c_ca_err(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
@@ -3511,6 +3561,7 @@ static struct sample_fetch_kw_list sampl
 	{ "ssl_fc_alpn",            smp_fetch_ssl_fc_alpn,        0,                   NULL,    SMP_T_CSTR, SMP_USE_L5CLI },
 #endif
 	{ "ssl_fc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_CSTR, SMP_USE_L5CLI },
+	{ "ssl_fc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_CSTR, SMP_USE_L5CLI },
 	{ "ssl_fc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5CLI },
 	{ "ssl_fc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_CBIN, SMP_USE_L5CLI },
 	{ "ssl_fc_sni",             smp_fetch_ssl_fc_sni,         0,                   NULL,    SMP_T_CSTR, SMP_USE_L5CLI },
@@ -3543,6 +3594,7 @@ static struct acl_kw_list acl_kws = {ILH
 	{ "ssl_fc_alpn",            NULL,         pat_parse_str,     pat_match_str     },
 #endif
 	{ "ssl_fc_protocol",        NULL,         pat_parse_str,     pat_match_str     },
+	{ "ssl_fc_unique_id",       NULL,         pat_parse_str,     pat_match_str     },
 	{ "ssl_fc_sni",             "ssl_fc_sni", pat_parse_str,     pat_match_str     },
 	{ "ssl_fc_sni_end",         "ssl_fc_sni", pat_parse_str,     pat_match_end     },
 	{ "ssl_fc_sni_reg",         "ssl_fc_sni", pat_parse_reg,     pat_match_reg     },