--- coyote/http11/Http11Processor.java	(revision 1657513)
+++ coyote/http11/Http11Processor.java	(working copy)
@@ -975,6 +975,11 @@ 
                         request.setAttribute
                             (SSLSupport.SESSION_ID_KEY, sslO);
                     }
+                    sslO = sslSupport.getProtocol();
+                    if (sslO != null) {
+                        request.setAttribute
+                            (SSLSupport.PROTOCOL_VERSION_KEY, sslO);
+                    }
                     request.setAttribute(SSLSupport.SESSION_MGR, sslSupport);
                 }
             } catch (Exception e) {
--- tomcat/util/net/AprSSLSupport.java	(revision 1657513)
+++ tomcat/util/net/AprSSLSupport.java	(working copy)
@@ -117,4 +117,9 @@ 
             throw new IOException(e);
         }
     }
+    
+    @Override
+    public String getProtocol() throws IOException {
+       throw new IOException("method not yet implemented");
+   }
 }
--- tomcat/util/net/SSLSupport.java	(revision 1657513)
+++ tomcat/util/net/SSLSupport.java	(working copy)
@@ -55,6 +55,11 @@ 
     public static final String SESSION_MGR =
             "javax.servlet.request.ssl_session_mgr";
 
+    /**
+     * as per https://issues.apache.org/bugzilla/show_bug.cgi?id=57540 to find out whether the socket was created with TLSv1 or TLSv1.2 etc.
+     */
+    public static final String PROTOCOL_VERSION_KEY =
+            "org.apache.tomcat.util.net.secure_protocol_version";
 
     /**
      * A mapping table to determine the number of effective bits in the key
@@ -124,6 +129,12 @@ 
      * @throws IOException If an error occurs trying to obtain the session ID
      */
     public String getSessionId() throws IOException;
+    
+
+    /**
+     * as per https://issues.apache.org/bugzilla/show_bug.cgi?id=57540 to find out whether the socket was created with TLSv1 or TLSv1.2 etc.
+     */
+    public String getProtocol() throws IOException;
 
     /**
      * Simple data class that represents the cipher being used, along with the
--- tomcat/util/net/jsse/JSSESupport.java	(revision 1657513)
+++ tomcat/util/net/jsse/JSSESupport.java	(working copy)
@@ -182,5 +182,13 @@ 
     public void invalidateSession() {
         session.invalidate();
     }
+    
+    @Override
+    public String getProtocol() throws IOException {
+        if (session == null)
+           return null;
+       return session.getProtocol();
+   }
+    
 }
 
--- tomcat/util/net/jsse/openssl/Protocol.java	(revision 1657513)
+++ tomcat/util/net/jsse/openssl/Protocol.java	(working copy)
@@ -22,6 +22,8 @@ 
     SSLv3("SSLv3"),
     SSLv2("SSLv2"),
     TLSv1("SSLv3"),
+    TLSv1_0("TLSv1"),
+    TLSv1_1("TLSv1.1"),
     TLSv1_2("TLSv1.2");
 
     private final String openSSLName;