diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 4cce5085f49b84acbf824628b34b651948d273e6..929c8ef4da5eef356e9e3a0a9a09627c14baccc4 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -169,6 +169,7 @@ type ConnectionState struct {
 	PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
 	VerifiedChains              [][]*x509.Certificate // verified chains built from PeerCertificates
 	SignedCertificateTimestamps [][]byte              // SCTs from the server, if any
+	OCSPResponse                []byte                // stapled OCSP response from server, if any
 
 	// TLSUnique contains the "tls-unique" channel binding value (see RFC
 	// 5929, section 3). For resumed sessions this value will be nil
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index c7b30a5d7238bcde16eccdbcbeb874ba5953add2..cad471859f5872a8437b1cc0d84e38ac30755a06 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -995,6 +995,7 @@ func (c *Conn) ConnectionState() ConnectionState {
 		state.VerifiedChains = c.verifiedChains
 		state.ServerName = c.serverName
 		state.SignedCertificateTimestamps = c.scts
+		state.OCSPResponse = c.ocspResponse
 		if !c.didResume {
 			state.TLSUnique = c.firstFinished[:]
 		}