diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h
index d7c948132..554d1d936 100644
--- a/include/haproxy/global-t.h
+++ b/include/haproxy/global-t.h
@@ -179,6 +179,7 @@ struct global {
 	struct freq_ctr comp_bps_in;	/* bytes per second, before http compression */
 	struct freq_ctr comp_bps_out;	/* bytes per second, after http compression */
 	struct freq_ctr out_32bps;      /* #of 32-byte blocks emitted per second */
+	uint sslconns, totalsslconns;   /* active, total # of SSL conns */
 	unsigned long long out_bytes;   /* total #of bytes emitted */
 	unsigned long long spliced_out_bytes; /* total #of bytes emitted though a kernel pipe */
 	int cps_lim, cps_max;
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 2fdf8e226..3d0eee9b1 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -32,8 +32,6 @@
 #include <haproxy/thread.h>
 
 extern struct list tlskeys_reference;
-extern int sslconns;
-extern int totalsslconns;
 extern struct eb_root ckchs_tree;
 extern struct eb_root crtlists_tree;
 extern struct eb_root cafile_tree;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ae28bca0d..8b81ef8a4 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -92,8 +92,6 @@
  * to conditionally define it in openssl-compat.h than using lots of ifdefs.
  */
 
-int sslconns = 0;
-int totalsslconns = 0;
 int nb_engines = 0;
 
 static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
@@ -708,7 +706,7 @@ void ssl_async_fd_free(int fd)
 
 	/* Now we can safely call SSL_free, no more pending job in engines */
 	SSL_free(ssl);
-	_HA_ATOMIC_DEC(&sslconns);
+	_HA_ATOMIC_DEC(&global.sslconns);
 	_HA_ATOMIC_DEC(&jobs);
 }
 /*
@@ -5438,7 +5436,7 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 			goto err;
 	}
 
-	if (global.maxsslconn && sslconns >= global.maxsslconn) {
+	if (global.maxsslconn && global.sslconns >= global.maxsslconn) {
 		conn->err_code = CO_ER_SSL_TOO_MANY;
 		goto err;
 	}
@@ -5467,8 +5465,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 		/* leave init state and start handshake */
 		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 
-		_HA_ATOMIC_INC(&sslconns);
-		_HA_ATOMIC_INC(&totalsslconns);
+		_HA_ATOMIC_INC(&global.sslconns);
+		_HA_ATOMIC_INC(&global.totalsslconns);
 		*xprt_ctx = ctx;
 		return 0;
 	}
@@ -5500,8 +5498,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 			conn->flags |= CO_FL_EARLY_SSL_HS;
 #endif
 
-		_HA_ATOMIC_INC(&sslconns);
-		_HA_ATOMIC_INC(&totalsslconns);
+		_HA_ATOMIC_INC(&global.sslconns);
+		_HA_ATOMIC_INC(&global.totalsslconns);
 		*xprt_ctx = ctx;
 		return 0;
 	}
@@ -6440,7 +6438,7 @@ void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
 		b_free(&ctx->early_buf);
 		tasklet_free(ctx->wait_event.tasklet);
 		pool_free(ssl_sock_ctx_pool, ctx);
-		_HA_ATOMIC_DEC(&sslconns);
+		_HA_ATOMIC_DEC(&global.sslconns);
 	}
 }
 
diff --git a/src/stats.c b/src/stats.c
index 2b5c0e508..4c8ea0c8d 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -55,7 +55,6 @@
 #include <haproxy/resolvers.h>
 #include <haproxy/server.h>
 #include <haproxy/session.h>
-#include <haproxy/ssl_sock.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream.h>
 #include <haproxy/stream_interface.h>
@@ -4447,8 +4446,8 @@ int stats_fill_info(struct field *info, int len, uint flags)
 	info[INF_CUM_REQ]                        = mkf_u32(FN_COUNTER, global.req_count);
 #ifdef USE_OPENSSL
 	info[INF_MAX_SSL_CONNS]                  = mkf_u32(FN_MAX, global.maxsslconn);
-	info[INF_CURR_SSL_CONNS]                 = mkf_u32(0, sslconns);
-	info[INF_CUM_SSL_CONNS]                  = mkf_u32(FN_COUNTER, totalsslconns);
+	info[INF_CURR_SSL_CONNS]                 = mkf_u32(0, global.sslconns);
+	info[INF_CUM_SSL_CONNS]                  = mkf_u32(FN_COUNTER, global.totalsslconns);
 #endif
 	info[INF_MAXPIPES]                       = mkf_u32(FO_CONFIG|FN_LIMIT, global.maxpipes);
 	info[INF_PIPES_USED]                     = mkf_u32(0, pipes_used);