diff --git a/changelog/unreleased/kong/fix-tcp-log-sslhandshake.yml b/changelog/unreleased/kong/fix-tcp-log-sslhandshake.yml
new file mode 100644
index 000000000000..f712729860e3
--- /dev/null
+++ b/changelog/unreleased/kong/fix-tcp-log-sslhandshake.yml
@@ -0,0 +1,3 @@
+message: "**tcp-log**: fix an issue that repeated ssl handshake"
+type: bugfix
+scope: Plugin
diff --git a/kong/plugins/tcp-log/handler.lua b/kong/plugins/tcp-log/handler.lua
index 3bfc9c7c3bfd..06fddb1a0765 100644
--- a/kong/plugins/tcp-log/handler.lua
+++ b/kong/plugins/tcp-log/handler.lua
@@ -31,8 +31,15 @@ local function log(premature, conf, message)
     return
   end
 
-  if conf.tls then
-    ok, err = sock:sslhandshake(true, conf.tls_sni, false)
+  local times, err = sock:getreusedtimes()
+  if not times then
+    kong.log.err("failed to get socket reused time to ", host, ":", tostring(port), ": ", err)
+    sock:close()
+    return
+  end
+
+  if conf.tls and times == 0 then
+    ok, err = sock:sslhandshake(false, conf.tls_sni, false)
     if not ok then
       kong.log.err("failed to perform TLS handshake to ", host, ":", port, ": ", err)
       sock:close()