diff --git a/src/ssl.c b/src/ssl.c
index 3d61a73df..f029e8734 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -990,10 +990,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
 if (pSz < ssl->options.minDhKeySz)
 return DH_KEY_SIZE_E;
- #ifndef WOLFSSL_WPAS
 if (ssl->options.side != WOLFSSL_SERVER_END)
 return SIDE_ERROR;
- #endif
 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
 XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
@@ -2063,6 +2061,20 @@ void wolfSSL_FreeArrays(WOLFSSL* ssl)
 }
 }
+/* Set option to indicate that the resources are not to be freed after
+ * handshake.
+ *
+ * ssl The SSL/TLS object.
+ */
+int wolfSSL_KeepResources(WOLFSSL* ssl)
+{
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ ssl->options.keepResources = 1;
+
+ return 0;
+}
 const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
 {
@@ -7905,16 +7917,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 }
 #endif /* NO_HANDSHAKE_DONE_CB */
-#ifndef WOLFSSL_WPAS
 if (!ssl->options.dtls) {
- FreeHandshakeResources(ssl);
+ if (!ssl->options.keepResources) {
+ FreeHandshakeResources(ssl);
+ }
 }
 #ifdef WOLFSSL_DTLS
 else {
 ssl->options.dtlsHsRetain = 1;
 }
 #endif /* WOLFSSL_DTLS */
-#endif
 WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
 return SSL_SUCCESS;
@@ -23759,4 +23771,5 @@ int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
 }
 #endif
+
 #endif /* WOLFCRYPT_ONLY */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 19cb6710f..e81ca8fc1 100755
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2494,6 +2494,7 @@ typedef struct Options {
 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
 word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
 #endif
+ word16 keepResources:1; /* Keep resources after handshake */
 /* need full byte values for this section */
 byte processReply; /* nonblocking resume */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 69295d99c..768eca8d8 100644
--- a/wolfssl/ssl.h
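Review bot: In wolfSSL_SetTmpDH (the `@@ -990` hunk of src/ssl.c) the side check is now compiled into WOLFSSL_WPAS builds as well, so a WPAS caller that sets temporary DH parameters on a client-side object starts receiving SIDE_ERROR, and nothing on the function records that. The same guard removal in the `@@ -7905` hunk means WPAS builds begin freeing handshake resources unless the new option is set. Both are behaviour changes for existing WOLFSSL_WPAS integrations and deserve a line in the function header, for example `/* Server side only: returns SIDE_ERROR on a client object in every build. */`. The function body starts and ends outside the hunk, so whether ssl is NULL-checked before `ssl->options` is read cannot be confirmed from here.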
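Review bot: The header comment on wolfSSL_KeepResources (the `@@ -2063` hunk of src/ssl.c) omits the return values and the memory consequence of the option. Success is `0`, while the connect path in this same file returns `SSL_SUCCESS`, so a caller testing the result against `SSL_SUCCESS` would presumably read success as failure; state the convention explicitly, e.g. `* returns 0 on success, BAD_FUNC_ARG when ssl is NULL.` The comment should also say that whatever FreeHandshakeResources would have released, which may include key-exchange material, now stays allocated until the object itself is freed. Unlike the wolfSSL_KeepArrays/wolfSSL_FreeArrays pair declared next to it in ssl.h, the diff adds no call to release the resources early or to clear the flag; consider adding one so applications can limit how long that state lives.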
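Review bot: keepResources is consulted only at this one FreeHandshakeResources call (the `@@ -7905` hunk of src/ssl.c), which judging by the `WOLFSSL_LEAVE("SSL_connect()", ...)` line sits in the connect path. If the accept path or any other caller of FreeHandshakeResources outside this diff frees unconditionally, wolfSSL_KeepResources is silently ignored there, which contradicts its comment. Testing the flag once at the top of FreeHandshakeResources, `if (ssl->options.keepResources) return;` (assuming it returns nothing), would make the option hold for every caller; otherwise document that it applies to client handshakes only. The enclosing function starts and ends outside the hunk.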
+++ b/wolfssl/ssl.h
@@ -1650,6 +1650,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
 WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
 WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
+WOLFSSL_API int wolfSSL_KeepResources(WOLFSSL* ssl);
 /* async additions */
 WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);