It's that easy:
# get the needed session
$ ss -t | grep 10.21.10.22
ESTAB 0 0 7.2.2.1:56120 10.21.10.22:65001
# get the process and file descriptor that opened the session
$ lsof -n | grep 10.21.10.22:65001
rsyslogd 6876 root 7u IPv4 1224456667 0t0 TCP 7.2.2.1:56120->10.21.10.22:65001 (ESTABLISHED)
# get the creation date of file
$ ls -la /proc/6876/fd/* | grep 1224456667
lrwx------ 1 root root 64 Apr 27 08:30 /proc/6876/fd/7 -> socket:[1224456667]
So the TCP connection started at 08:30.