In release 2.0.28 logging was introduced at level error when a client connection does not succeed to authenticate their client certificate. This can easily fill logs during a malicious attack, can the log level be reduced to debug. (Original change to add the logging was:
UNDERTOW-1580 Improve EJB over HTTPS logging)