diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h
index 01e43a009b..e5ab42e0ef 100644
--- a/include/libwebsockets/lws-context-vhost.h
+++ b/include/libwebsockets/lws-context-vhost.h
@@ -1293,6 +1293,15 @@ lws_systemd_inherited_fd(unsigned int index,
 LWS_VISIBLE LWS_EXTERN int
 lws_context_is_being_destroyed(struct lws_context *context);
+/* This API allows the user to disable SSL key logging. */
+LWS_VISIBLE LWS_EXTERN void
+lws_reset_keylog_file(struct lws *wsi);
+
+/* This API allows the user to enable SSL key logging.
+sslkeyfilepath : user can provide file name along with path in which ssl keys will get logged */
+LWS_VISIBLE LWS_EXTERN void
+lws_set_keylog_file(struct lws *wsi, char *sslkeyfilepath);
+
 /*! \defgroup vhost-mounts Vhost mounts and options
  * \ingroup context-and-vhost-creation
  *
diff --git a/lib/core-net/close.c b/lib/core-net/close.c
index 851ed2fba1..2151bf9948 100644
--- a/lib/core-net/close.c
+++ b/lib/core-net/close.c
@@ -25,6 +25,9 @@
 #include "private-lib-core.h"
 #include "private-lib-async-dns.h"
+// to store key log file path
+static char *klfl_env = NULL;
+
 #if defined(LWS_WITH_CLIENT)
 static int
 lws_close_trans_q_leader(struct lws_dll2 *d, void *user)
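Review bot: In lws-context-vhost.h the two new declarations take a `struct lws *wsi`, but the comments do not say that the setting lands in the shared context (close.c in this commit writes `wsi->a.context->keylog_file`), so a caller can reasonably assume only one connection is affected. The comment should state that the change is context-wide, that an empty `sslkeyfilepath` falls back to the `SSLKEYLOGFILE` environment variable, and that the file will hold TLS session secrets and must be readable only by the owning user; the surrounding header uses Doxygen markup (`/*! \defgroup ...`), which these comments would ideally follow with a `\param` line each. The path is not modified in close.c, so `lws_set_keylog_file(struct lws *wsi, const char *sslkeyfilepath);` would be the more accurate signature (the `klfl_env` assignment would need the same qualifier).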
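Review bot: The file-scope `static char *klfl_env` added at the top of close.c keeps a pointer the library does not own: lws_set_keylog_file() stores either the caller's `sslkeyfilepath` or the `getenv()` result in it, and both can be freed or changed after the call returns. It is also a single variable shared by every context and thread in the process, while the path itself is copied into the per-context `keylog_file`. Nothing visible in this commit reads `klfl_env` outside lws_set_keylog_file(), so it can be a local there, `const char *path = (sslkeyfilepath && sslkeyfilepath[0]) ? sslkeyfilepath : getenv("SSLKEYLOGFILE");`, and the static and its reset in lws_reset_keylog_file() can be dropped.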
@@ -1037,6 +1040,28 @@ __lws_close_free_wsi_final(struct lws *wsi)
 __lws_free_wsi(wsi);
 }
+/* To stop logging SSL keys, reset the `keylog_file` data */
+void lws_reset_keylog_file(struct lws *wsi)
+{
+ klfl_env = NULL;
+ wsi->a.context->keylog_file[0] = '\0';
+}
+
+/* The file path, either from user input or the environment variable, will be assigned to the LWS context to initiate SSL key logging. */
+void lws_set_keylog_file(struct lws *wsi, char *sslkeyfilepath)
+{
+ /* The user input file path takes priority over the environment variable. */
+ if('\0' != sslkeyfilepath[0])
+ klfl_env = sslkeyfilepath;
+ else
+ klfl_env = getenv("SSLKEYLOGFILE");
+
+ /* To begin logging SSL keys, the key log file will be set in lws_context */
+ if (NULL != klfl_env && strlen(klfl_env) > 1){
+ lws_strncpy(wsi->a.context->keylog_file, klfl_env,
+ strlen(klfl_env)+1);
+ }
+}
 void
 lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, const char *caller)
@@ -1052,6 +1077,4 @@ lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, const char *ca
 lws_pt_unlock(pt);
 lws_context_unlock(cx);
-}
-
-
+}
\ No newline at end of file
diff --git a/lib/core/private-lib-core.h b/lib/core/private-lib-core.h
index a138e44309..050d62f48a 100644
--- a/lib/core/private-lib-core.h
+++ b/lib/core/private-lib-core.h
@@ -27,7 +27,8 @@
 #include "lws_config.h"
 #include "lws_config_private.h"
-
+#include
+#include
 #if defined(LWS_WITH_CGI) && defined(LWS_HAVE_VFORK) && \
 !defined(NO_GNU_SOURCE_THIS_TIME) && !defined(_GNU_SOURCE)
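Review bot: In lws_set_keylog_file() the bound passed to `lws_strncpy()` is `strlen(klfl_env)+1`, the length of the source, so the copy is never truncated and a path longer than `keylog_file` writes past the end of that context field (assuming it is a fixed-size array, as the `keylog_file[0] = '\0'` reset suggests). The path comes straight from the caller or from `SSLKEYLOGFILE`, so the bound has to be the destination size: `lws_strncpy(wsi->a.context->keylog_file, klfl_env, sizeof(wsi->a.context->keylog_file));`. `sslkeyfilepath[0]` is also read without a NULL check, so the first test should be `if (sslkeyfilepath && sslkeyfilepath[0] != '\0')`, and `strlen(klfl_env) > 1` silently ignores a one-character file name where `klfl_env[0] != '\0'` would not. Because this switches on the writing of TLS session secrets at run time, returning a status instead of `void` when the path is rejected or too long would let the caller know whether logging is actually active.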