+void CAcloseSslConnectionAll(CATransportAdapter_t transportType);
+
+#if defined(__WITH_TLS__) || defined(__WITH_DTLS__)
+
+/**
+ * @brief Callback type: Export key block and master secret
+ * @note This is required for certain uses of TLS, e.g. EAP-TLS
+ * (RFC 5216) and Thread. The key pointers are ephemeral and
+ * therefore must not be stored. The master secret and keys
+ * should not be used directly except as an input to a key
+ * derivation function.
+ *
+ * @aram[in] masterSecret Pointer to master secret (fixed length: 48 bytes)
+ * @param[in] keyBlock Pointer to key block, see RFC 5246 section 6.3
+ * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
+ * @param[in] maclen MAC length
+ * @param[in] keylen Key length
+ * @param[in] ivlen IV length
+ */
+typedef void (*SslExportKeysCallback_t)(const unsigned char* masterSecret,
+ const unsigned char* keyBlock,
+ size_t macLen, size_t keyLen, size_t ivLen);
+
+/**
+ * API to set a export SSL(TLS/DTLS) key callback.
+ * This callback will be invoked when SSL handshake occured.
+ *
+ * @param[in] exportKeysCb implementation of SslExportKeysCallback_t
+ * @param[in] protocol CA_SSL_EKCB_TLS=TLS, CA_SSL_EKCB_DTLS=DTLS (@ref CASslEkcbProtocol_t)
+ * @param[in] role CA_SSL_EKCB_CLIENT=client, CA_SSL_EKCB_SERVER=server (@ref CASslEkcbRole_t)
+ *
+ * @return CA_STATUS_OK on success, otherwise fail.
+ */
+CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
+ CASslEkcbProtocol_t protocol, CASslEkcbRole_t role);
+
+#endif //__WITH_TLS__ or __WITH_DTLS__
+