
Bluemix Secure Gateway Client TLS failing


We are facing an issue with client-side TLS. As you can see below, the handshake completes properly, but then no more data is sent from the SG client, so the connection is closed.

To test, I am using this link https://caplonsgprd-x.integration.ibmcloud.com:xxxx/PATH/ to initiate the request, which reaches the client configured for TLS, and then I see the following in the logs:

[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:22:13 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:done'
[Wed Sep 30 14:22:13 2015] [debug] MonitoringCounter.c(375): monitor: MonitoringCounter_updateCounter (null) TLS_HandshakeSucceed 1
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:exit'

[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_io.c(1952): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5eb00011e0 [mem: 7f5ef0751de3]  -> Here we expected the client to send the applicative data which is the HTTPS request with the PATH.
[Wed Sep 30 14:22:13 2015] [info] [client xx.xx.xx.xx] (70014)End of file found: SSL input filter read failed.
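The pattern in the excerpt above (handshake done, then "5 bytes expected to read", then EOF) is the server waiting for the 5-byte header of the first TLS record and the peer closing instead, i.e. the session was negotiated but no application data ever arrived. The following is an added example, not code from the question or from Secure Gateway: it scans mod_ssl log text for exactly that sequence and reports the affected sessions with their negotiated protocol and cipher. The sample log is constructed from the lines quoted above (with the inline annotation removed); the "healthy" counterpart assumes that mod_ssl's debug-level "OpenSSL: read N/N bytes" line marks the arrival of application data.

```python
import re

# Apache error_log line: [timestamp] [level] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")

# Constructed sample: the lines quoted in the question, minus the "->" annotation.
SILENT_CLOSE_LOG = """\
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:22:13 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:done'
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_io.c(1952): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5eb00011e0 [mem: 7f5ef0751de3]
[Wed Sep 30 14:22:13 2015] [info] [client xx.xx.xx.xx] (70014)End of file found: SSL input filter read failed.
"""

# Constructed healthy counterpart. Assumption: the debug "read N/N bytes" line
# is how mod_ssl records the first application-data record being read.
HEALTHY_LOG = """\
[Wed Sep 30 14:25:01 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:25:01 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:25:01 2015] [debug] ssl_engine_io.c(1952): OpenSSL: read 5/5 bytes from BIO#7f5eb00011e0 [mem: 7f5ef0751de3] (BIO dump follows)
"""


def find_silent_closes(text):
    """Return one record per TLS session whose handshake completed and which
    the peer then closed while the server was still waiting for the 5-byte
    header of the first TLS record (no application data was ever sent)."""
    findings = []
    session = None
    for no, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not an error_log line (e.g. a BIO hex dump)
        msg = m.group("msg")
        if msg.endswith("OpenSSL: Handshake: done"):
            # A new session reached the post-handshake state; start tracking it.
            session = {"handshake_line": no, "timestamp": m.group("ts"),
                       "client": None, "protocol": None, "cipher": None,
                       "waiting_for_record": False}
            continue
        if session is None:
            continue
        if msg.startswith("Connection: Client IP:"):
            cm = re.search(r"Client IP: (\S+), Protocol: (\S+), Cipher: (\S+)", msg)
            if cm:
                session["client"], session["protocol"], session["cipher"] = cm.groups()
        elif "bytes expected to read" in msg:
            # Server blocked on the TLS record header; nothing has arrived yet.
            session["waiting_for_record"] = True
        elif re.search(r"OpenSSL: read \d+/\d+ bytes", msg):
            session = None  # application data arrived: not a silent close
        elif "End of file found: SSL input filter read failed" in msg:
            if session["waiting_for_record"]:
                session["eof_line"] = no
                findings.append(session)
            session = None
    return findings


if __name__ == "__main__":
    for f in find_silent_closes(SILENT_CLOSE_LOG):
        print(f"{f['timestamp']}: {f['client']} negotiated {f['protocol']}/{f['cipher']} "
              f"(line {f['handshake_line']}) then closed without a request (line {f['eof_line']})")
```

Run against the real error_log the script separates "the handshake is fine, the client just never sent a request" from genuine TLS negotiation failures, which narrows the problem to the Secure Gateway client's own behaviour after the handshake rather than to the cipher or certificate configuration.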

Solution

  • I've gone through the flow in Bluemix US of creating a TCP destination to mongodb with client-side TLS enabled with a self-signed cert.

    If the cert is uploaded, it looks like the client needs to be restarted to pick up the cert and use it. Once the client is restarted, the cert should be recognized and I was able to connect to my SSL enabled mongodb.


    Edit: Secure Gateway does not currently support uploading multiple client TLS CA files, so the client will fail to connect if the chain consists of more than one CA cert.
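The edit above means a PEM bundle with a full chain will be rejected by the client even though the file itself is valid. As an added example (not code from the answer or from Secure Gateway), the following pre-flight check parses a PEM file the way a practitioner would before uploading it: it verifies every block is well-formed base64 DER, refuses files that accidentally include a private key, and fails when more than one certificate is present. The sample PEM bodies are constructed from a minimal DER SEQUENCE and are not real certificates.

```python
import base64
import re

# One PEM block: BEGIN label, base64 body, matching END label (CRLF tolerated).
PEM_BLOCK_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)\r?\n-----END (?P<endlabel>[A-Z0-9 ]+)-----",
    re.DOTALL,
)


def parse_pem_blocks(text):
    """Return a list of (label, der_bytes) for each PEM block in text.
    Raises ValueError for a mismatched label pair or a body that is not base64."""
    blocks = []
    for m in PEM_BLOCK_RE.finditer(text):
        label, end = m.group("label"), m.group("endlabel")
        if label != end:
            raise ValueError(f"BEGIN {label} closed by END {end}")
        body = "".join(m.group("body").split())  # drop line breaks and stray whitespace
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError(f"{label} block is not valid base64: {exc}") from exc
        blocks.append((label, der))
    return blocks


def check_ca_file(text):
    """Classify a PEM file intended as the single client TLS CA file.
    Returns (ok, reason); ok is True only for exactly one well-formed certificate."""
    try:
        blocks = parse_pem_blocks(text)
    except ValueError as exc:
        return False, str(exc)
    if not blocks:
        return False, "no PEM blocks found"
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        return False, "file contains a private key block; upload only the CA certificate"
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    if len(certs) != len(blocks):
        return False, f"unexpected block types: {sorted(set(labels) - {'CERTIFICATE'})}"
    for i, der in enumerate(certs, 1):
        if not der or der[0] != 0x30:  # every X.509 certificate is a DER SEQUENCE
            return False, f"certificate {i} does not decode to a DER SEQUENCE"
    if len(certs) > 1:
        return False, (f"{len(certs)} certificates found; Secure Gateway accepts a single "
                       "CA certificate, so split the chain and upload one file")
    return True, "single certificate"


# Constructed samples. "MAMCAQE=" is base64 of 30 03 02 01 01, a minimal DER
# SEQUENCE containing INTEGER 1; it stands in for real certificate bodies.
FAKE_DER_B64 = "MAMCAQE="
SINGLE_CA = f"-----BEGIN CERTIFICATE-----\n{FAKE_DER_B64}\n-----END CERTIFICATE-----\n"
CHAIN = SINGLE_CA * 2
WITH_KEY = SINGLE_CA + f"-----BEGIN PRIVATE KEY-----\n{FAKE_DER_B64}\n-----END PRIVATE KEY-----\n"
BAD_B64 = "-----BEGIN CERTIFICATE-----\n!!!!\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, sample in [("single", SINGLE_CA), ("chain", CHAIN),
                         ("with key", WITH_KEY), ("bad base64", BAD_B64)]:
        ok, reason = check_ca_file(sample)
        print(f"{name:10s} {'OK ' if ok else 'FAIL'} {reason}")
```

Running the check on the chain sample reports two certificates and fails, which is the condition the edit warns about; the fix on the operator side is to upload only the CA certificate that directly issued the server's certificate, then restart the client so it picks the file up.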