Server has an issued cert. Client has an issued cert. The publics are exchanged and authenticated. Each can then be chained up to an issuer to prove identity. That's nonrepudiation.
That provides proof of identity for both parties, but not a way with which a party can prove anything about the message content afterwards. The key with which the contents are encrypted is symmetric and known to both parties, so at that state the content is not bound to the sender identity. If you can't tie content to sender identity, you do not have non-repudiation.
Is it the first? X.509 client authentication provides a mutually authenticated TLS connection.
https://en.wikipedia.org/wiki/X.509