Hi!
We are having a similar issue, but only on one site. Running 802.1x (EAP-TLS) on aruba switches.
Same client works on other sites. So I figured it was latancy or dropped packets, but it's a pretty good connection with 25ms latency.
My packet captures show pretty much the same as yours, the client never provides it's cert. Client does ACK all the servers fragmented packets.
If you find any solutions for your problems please post :), will certanly do the same.
Running win10 and Clearpass 6.7.3