+CAResult_t CAcloseSslSession(const CAEndpoint_t *endpoint);
+
+/**
+ * Initiate TLS handshake with selected cipher suite.
+ *
+ * @param[in] endpoint information of network address.
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint);
+
+/**
+ * Close the DTLS session.
+ *
+ * @param[in] endpoint information of network address.
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint);
+
+/**
+ * Close the TLS session using UUID
+ *
+ * @param[in] identity UUID of target device
+ * @param[in] idLength Byte length of 'identity'
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength);
+
+/**
+ * Close All of DTLS sessions.
+ */
+void CAcloseSslConnectionAll(CATransportAdapter_t transportType);
+
+#if defined(__WITH_TLS__) || defined(__WITH_DTLS__)
+
+/**
+ * @brief Callback type: Export key block and master secret
+ * @note This is required for certain uses of TLS, e.g. EAP-TLS
+ * (RFC 5216) and Thread. The key pointers are ephemeral and
+ * therefore must not be stored. The master secret and keys
+ * should not be used directly except as an input to a key
+ * derivation function.
+ *
+ * @aram[in] masterSecret Pointer to master secret (fixed length: 48 bytes)
+ * @param[in] keyBlock Pointer to key block, see RFC 5246 section 6.3
+ * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
+ * @param[in] maclen MAC length
+ * @param[in] keylen Key length
+ * @param[in] ivlen IV length
+ */
+typedef void (*SslExportKeysCallback_t)(const unsigned char* masterSecret,
+ const unsigned char* keyBlock,
+ size_t macLen, size_t keyLen, size_t ivLen);
+
+/**
+ * API to set a export SSL(TLS/DTLS) key callback.
+ * This callback will be invoked when SSL handshake occured.
+ *
+ * @param[in] exportKeysCb implementation of SslExportKeysCallback_t
+ * @param[in] protocol CA_SSL_EKCB_TLS=TLS, CA_SSL_EKCB_DTLS=DTLS (@ref CASslEkcbProtocol_t)
+ * @param[in] role CA_SSL_EKCB_CLIENT=client, CA_SSL_EKCB_SERVER=server (@ref CASslEkcbRole_t)
+ *
+ * @return CA_STATUS_OK on success, otherwise fail.
+ */
+CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
+ CASslEkcbProtocol_t protocol, CASslEkcbRole_t role);