Safari tries to provide correct client certificate only in private mode

I have a website running on nginx webserver. It uses optional SSL client vertification by certificate. I also have a certificate issued by proper CA added to my keychain "Login" (I am not actually sure of its name since my OS language is not English). When I go to that site using other browsers than Safari (tried Orion and Chrome), it asks for certificate right away, but Safari does not. Also, by toggling "Lock keychain after xxx minutes" option I managed to make Safari to ask for certificate for one of the 3rd level domains on my site, but not for the other. Client certificate authentication works well with other browsers so I assume there is nothing wrong server-side as certificate is being recognized and accepted, and my best guess is - something is wrong with Safari. Cleaning site settings doesn't seem to have any effect too. Why Safari doesn't want to use certificate sometimes? I guess if set SSL client verification to be required, it is going to solve the problem, but for some unrelated reasons I cannot do that. Update: while I was writing that, I let safari so do nothing and think of its behavior I assume. Next time I reloaded page, it asked for certificate from keychain. Although now it behaves as I expect, its behavior is still somewhat erratic.