diff --git a/apps/emqx/i18n/emqx_schema_i18n.conf b/apps/emqx/i18n/emqx_schema_i18n.conf
index 2ba5e7f52..6faa0c511 100644
--- a/apps/emqx/i18n/emqx_schema_i18n.conf
+++ b/apps/emqx/i18n/emqx_schema_i18n.conf
@@ -1495,6 +1495,17 @@ In case PSK cipher suites are intended, make sure to configure
     }
 }
 
+common_ssl_opts_schema_hibernate_after {
+    desc {
+        en: """ Hibernate the SSL process after idling for amount of time reducing its memory footprint. """
+        zh: """ 在闲置一定时间后休眠 SSL 进程，减少其内存占用。"""
+    }
+    label: {
+        en: "hibernate after"
+        zh: "闲置多久后休眠"
+    }
+}
+
 ciphers_schema_common {
     desc {
         en: """This config holds TLS cipher suite names separated by comma,
diff --git a/apps/emqx/src/emqx.app.src b/apps/emqx/src/emqx.app.src
index c812b2217..3030ccb06 100644
--- a/apps/emqx/src/emqx.app.src
+++ b/apps/emqx/src/emqx.app.src
@@ -3,7 +3,7 @@
     {id, "emqx"},
     {description, "EMQX Core"},
     % strict semver, bump manually!
-    {vsn, "5.0.17"},
+    {vsn, "5.0.18"},
     {modules, []},
     {registered, []},
     {applications, [
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index ba813d2c8..d1be888c3 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -1929,6 +1929,15 @@ common_ssl_opts_schema(Defaults) ->
                     default => Df("secure_renegotiate", true),
                     desc => ?DESC(common_ssl_opts_schema_secure_renegotiate)
                 }
+            )},
+
+        {"hibernate_after",
+            sc(
+                duration(),
+                #{
+                    default => Df("hibernate_after", "5s"),
+                    desc => ?DESC(common_ssl_opts_schema_hibernate_after)
+                }
             )}
     ].
 
diff --git a/apps/emqx/test/emqx_listeners_SUITE.erl b/apps/emqx/test/emqx_listeners_SUITE.erl
index 6a7cd2791..015439587 100644
--- a/apps/emqx/test/emqx_listeners_SUITE.erl
+++ b/apps/emqx/test/emqx_listeners_SUITE.erl
@@ -138,6 +138,41 @@ t_restart_listeners(_) ->
     ok = emqx_listeners:restart(),
     ok = emqx_listeners:stop().
 
+t_restart_listeners_with_hibernate_after_disabled(_Config) ->
+    OldLConf = emqx_config:get([listeners]),
+    maps:foreach(
+        fun(LType, Listeners) ->
+            maps:foreach(
+                fun(Name, Opts) ->
+                    case maps:is_key(ssl_options, Opts) of
+                        true ->
+                            emqx_config:put(
+                                [
+                                    listeners,
+                                    LType,
+                                    Name,
+                                    ssl_options,
+                                    hibernate_after
+                                ],
+                                undefined
+                            );
+                        _ ->
+                            skip
+                    end
+                end,
+                Listeners
+            )
+        end,
+        OldLConf
+    ),
+    ok = emqx_listeners:start(),
+    ok = emqx_listeners:stop(),
+    %% flakyness: eaddrinuse
+    timer:sleep(timer:seconds(2)),
+    ok = emqx_listeners:restart(),
+    ok = emqx_listeners:stop(),
+    emqx_config:put([listeners], OldLConf).
+
 t_max_conns_tcp(_) ->
     %% Note: Using a string representation for the bind address like
     %% "127.0.0.1" does not work
diff --git a/changes/v5.0.18/perf-9967-en.md b/changes/v5.0.18/perf-9967-en.md
new file mode 100644
index 000000000..fadba24c9
--- /dev/null
+++ b/changes/v5.0.18/perf-9967-en.md
@@ -0,0 +1 @@
+New common TLS option 'hibernate_after' to reduce memory footprint per idle connecion, default: 5s.
diff --git a/changes/v5.0.18/perf-9967-zh.md b/changes/v5.0.18/perf-9967-zh.md
new file mode 100644
index 000000000..7b73f9bd0
--- /dev/null
+++ b/changes/v5.0.18/perf-9967-zh.md
@@ -0,0 +1 @@
+新的通用 TLS 选项 'hibernate_after'， 以减少空闲连接的内存占用，默认： 5s 。