diff --git a/c_src/quicer_connection.c b/c_src/quicer_connection.c index 18dd0de7..2a41a868 100644 --- a/c_src/quicer_connection.c +++ b/c_src/quicer_connection.c @@ -299,11 +299,6 @@ _IRQL_requires_max_(DISPATCH_LEVEL) // A monitor is automatically removed when it triggers or when the // resource is deallocated. status = handle_connection_event_connected(c_ctx, Event); - // Client dump SSL KEY - if (NULL != c_ctx->TlsSecrets && NULL != c_ctx->ssl_keylogfile) - { - dump_sslkeylogfile(c_ctx->ssl_keylogfile, *(c_ctx->TlsSecrets)); - } break; case QUIC_CONNECTION_EVENT_PEER_STREAM_STARTED: // @@ -1209,6 +1204,15 @@ handle_connection_event_connected(QuicerConnCTX *c_ctx, ERL_NIF_TERM report = make_event_with_props( c_ctx->env, ATOM_CONNECTED, ConnHandle, props_name, props_value, 2); + // Client&Server Dump SSL Key Log File + if (NULL != c_ctx->TlsSecrets && NULL != c_ctx->ssl_keylogfile) + { + dump_sslkeylogfile(c_ctx->ssl_keylogfile, *(c_ctx->TlsSecrets)); + // @NOTE: only free ssl_keylogfile not TlsSecrets + CXPLAT_FREE(c_ctx->ssl_keylogfile, QUICER_TRACE); + c_ctx->ssl_keylogfile = NULL; + } + // testing this, just unblock acceptor // should pick a 'acceptor' here? if (!enif_send(NULL, acc_pid, NULL, report)) diff --git a/c_src/quicer_ctx.c b/c_src/quicer_ctx.c index 45e7adf6..631df534 100644 --- a/c_src/quicer_ctx.c +++ b/c_src/quicer_ctx.c @@ -94,6 +94,7 @@ deinit_l_ctx(QuicerListenerCTX *l_ctx) { enif_release_resource(l_ctx->r_ctx); } + CXPLAT_FREE(l_ctx->ssl_keylogfile, QUICER_TRACE); enif_mutex_destroy(l_ctx->lock); enif_free_env(l_ctx->env); } diff --git a/c_src/quicer_ctx.h b/c_src/quicer_ctx.h index 9068566d..e69e8df2 100644 --- a/c_src/quicer_ctx.h +++ b/c_src/quicer_ctx.h @@ -76,6 +76,8 @@ typedef struct QuicerListenerCTX BOOLEAN is_stopped; BOOLEAN allow_insecure; CXPLAT_LIST_ENTRY RegistrationLink; + char *ssl_keylogfile; + uint16_t ssl_keylogfile_len; void *reserved1; void *reserved2; void *reserved3; 
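Review bot: Now that the dump in handle_connection_event_connected also runs for server connections, every connection accepted by one listener writes to the same `ssl_keylogfile` path from its own connection callback, and nothing in this hunk serialises those writes. dump_sslkeylogfile is not visible here, so confirm that it appends rather than truncates and that concurrent callbacks cannot interleave partial lines. Because the file holds TLS traffic secrets for every peer of the listener, it should also be created with owner-only permissions. The `@NOTE` should say why TlsSecrets has to outlive the dump (presumably the buffer is still registered with MsQuic for this connection) and where it is finally released. The function body starts and ends outside the hunk.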
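Review bot: The free added to deinit_l_ctx is unconditional, while `l_ctx->ssl_keylogfile` is only assigned late in listen2, after earlier `goto exit` paths. If the listener context can be torn down on one of those paths, this is safe only when the context is zero-initialised at creation and CXPLAT_FREE accepts NULL in every build configuration; neither is visible here. The connection-side code guards its free with a NULL check and clears the pointer, so matching it would be `if (l_ctx->ssl_keylogfile) { CXPLAT_FREE(l_ctx->ssl_keylogfile, QUICER_TRACE); l_ctx->ssl_keylogfile = NULL; }`.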
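Review bot: `ssl_keylogfile_len` in QuicerListenerCTX carries no comment saying that it counts the terminating NUL. listen2 stores `strlen(...) + 1` and ServerListenerCallback uses the value both as allocation size and as copy length, so a reader who treats it as a string length would introduce an off-by-one. Suggested comments: `char *ssl_keylogfile; // key log path, NULL when not configured` and `uint16_t ssl_keylogfile_len; // size in bytes including the trailing NUL, 0 when unset`. The struct definition starts and ends outside the hunk.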
diff --git a/c_src/quicer_listener.c b/c_src/quicer_listener.c index fda9e6f3..5c7c94af 100644 --- a/c_src/quicer_listener.c +++ b/c_src/quicer_listener.c @@ -203,6 +203,16 @@ ServerListenerCallback(__unused_parm__ HQUIC Listener, (void *)ServerConnectionCallback, c_ctx); + if (l_ctx->ssl_keylogfile) + { + char *ssl_keylogfile + = CXPLAT_ALLOC_NONPAGED(l_ctx->ssl_keylogfile_len, QUICER_TRACE); + strncpy(ssl_keylogfile, + l_ctx->ssl_keylogfile, + l_ctx->ssl_keylogfile_len); + set_conn_sslkeylogfile(c_ctx, ssl_keylogfile); + } + QuicerRegistrationCTX *r_ctx; if (l_ctx->r_ctx) { @@ -438,6 +448,12 @@ listen2(ErlNifEnv *env, __unused_parm__ int argc, const ERL_NIF_TERM argv[]) goto exit; } + l_ctx->ssl_keylogfile + = str_from_map(env, ATOM_SSL_KEYLOGFILE_NAME, &options, NULL, PATH_MAX); + l_ctx->ssl_keylogfile_len + = l_ctx->ssl_keylogfile ? strlen(l_ctx->ssl_keylogfile) + 1 : 0; + CXPLAT_FRE_ASSERT(l_ctx->ssl_keylogfile_len < PATH_MAX); + // Start Listener Status = MsQuic->ListenerStart( l_ctx->Listener, alpn_buffers, alpn_buffer_length, &Address); diff --git a/c_src/quicer_tls.c b/c_src/quicer_tls.c index a09653d2..eccfb17f 100644 --- a/c_src/quicer_tls.c +++ b/c_src/quicer_tls.c @@ -262,15 +262,21 @@ parse_sslkeylogfile_option(ErlNifEnv *env, ERL_NIF_TERM eoptions, QuicerConnCTX *c_ctx) { - QUIC_STATUS Status; - char *keylogfile = str_from_map( - env, ATOM_SSL_KEYLOGFILE_NAME, &eoptions, NULL, PATH_MAX + 1); + char *keylogfile + = str_from_map(env, ATOM_SSL_KEYLOGFILE_NAME, &eoptions, NULL, PATH_MAX); if (!keylogfile) { return; } + set_conn_sslkeylogfile(c_ctx, keylogfile); +} + +void +set_conn_sslkeylogfile(QuicerConnCTX *c_ctx, char *keylogfile) +{ + QUIC_STATUS Status; // Allocate the TLS secrets QUIC_TLS_SECRETS *TlsSecrets diff --git a/c_src/quicer_tls.h b/c_src/quicer_tls.h index f4b41925..0d5bfee7 100644 --- a/c_src/quicer_tls.h +++ b/c_src/quicer_tls.h 
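Review bot: The result of `CXPLAT_ALLOC_NONPAGED` in ServerListenerCallback is passed straight to `strncpy` without a NULL check, so an allocation failure while accepting a connection becomes a NULL write inside the listener callback. Wrap the copy and the `set_conn_sslkeylogfile` call in `if (ssl_keylogfile != NULL) { ... }` so the connection is accepted without key logging in that case. Since `ssl_keylogfile_len` already includes the terminator, `memcpy(ssl_keylogfile, l_ctx->ssl_keylogfile, l_ctx->ssl_keylogfile_len);` states the intent more directly than `strncpy`. The callback body starts and ends outside the hunk.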
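Review bot: `CXPLAT_FRE_ASSERT(l_ctx->ssl_keylogfile_len < PATH_MAX)` in listen2 turns a caller-supplied option value into a fatal assertion inside a NIF, which would take down the whole VM rather than fail the listen call. str_from_map is not visible here, but if it can return a string of `PATH_MAX - 1` characters then `strlen + 1` equals `PATH_MAX` and the assert fires on an input the helper itself accepted. Prefer a normal check, `if (l_ctx->ssl_keylogfile_len >= PATH_MAX)`, that sets the error return as the neighbouring failure paths do and takes `goto exit`. The option should also be documented as a debugging aid, since it makes the listener write the TLS secrets of every accepted connection to disk.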
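Review bot: set_conn_sslkeylogfile is now a shared entry point, called from parse_sslkeylogfile_option and from the listener callback, but nothing states that it takes ownership of `keylogfile`. Both callers hand over a heap buffer and never free it themselves, and the connection code later releases `c_ctx->ssl_keylogfile` with CXPLAT_FREE. Suggested header comment: `// Takes ownership of keylogfile (heap-allocated, NUL-terminated); the caller must not free or reuse it.` The function body continues outside the hunk, so confirm that its failure paths (for example when allocating TlsSecrets fails) free `keylogfile` rather than leak it.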
@@ -48,4 +48,6 @@ eoptions_to_cred_config(ErlNifEnv *env, ERL_NIF_TERM eoptions, QUIC_CREDENTIAL_CONFIG *CredConfig, X509_STORE **trusted_store); + +void set_conn_sslkeylogfile(QuicerConnCTX *c_ctx, char *keylogfile); #endif // QUICER_TLS_H_ diff --git a/test/quicer_SUITE.erl b/test/quicer_SUITE.erl index 0c6a4928..39652484 100644 --- a/test/quicer_SUITE.erl +++ b/test/quicer_SUITE.erl @@ -2472,9 +2472,12 @@ tc_stream_send_shutdown_complete(Config) -> tc_conn_opt_sslkeylogfile(Config) -> Port = select_port(), TargetFName = "SSLKEYLOGFILE", + ServerTargetFName = "SERVERSSLKEYLOGFILE", file:delete(TargetFName), application:ensure_all_started(quicer), - ListenerOpts = [{conn_acceptors, 32} | default_listen_opts(Config)], + ListenerOpts = [ + {sslkeylogfile, ServerTargetFName}, {conn_acceptors, 32} | default_listen_opts(Config) + ], ConnectionOpts = [ {conn_callback, quicer_server_conn_callback}, {stream_acceptors, 32} @@ -2498,7 +2501,8 @@ tc_conn_opt_sslkeylogfile(Config) -> ), quicer:close_connection(Conn), timer:sleep(100), - {ok, #file_info{type = regular}} = file:read_file_info(TargetFName). + {ok, #file_info{type = regular}} = file:read_file_info(TargetFName), + {ok, #file_info{type = regular}} = file:read_file_info(ServerTargetFName). tc_insecure_traffic(Config) -> Port = select_port(),
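Review bot: `file:delete(TargetFName)` in tc_conn_opt_sslkeylogfile clears only the client key log. A `SERVERSSLKEYLOGFILE` left behind by an earlier run therefore lets the new `file:read_file_info(ServerTargetFName)` match in the last hunk succeed even when the server wrote nothing. Add `file:delete(ServerTargetFName),` next to the existing delete. Both matches only require a regular file, so also matching a non-zero `size` in `#file_info{}` would catch an empty log.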