Are you by any chance using role-based configuration? If yes, is it possible for the user where you DO NOT see protocol version written in connect log is part of that while for the other users where you DO see protocol listed as TLSv1.2 in connect log has no role assigned?
If the answer to above is yes, this was a cosmetic (not a defect) problem which we found in 12.6 version and fixed. So it seems like you are hitting the problem. Also the fact, as fixes are cumulative in nature, it made it to 14.0 release where you confirmed not seeing this problem while 12.0 version is scheduled to go EOS (End Of Service) on Feb 28, 2019... we didn't port the fix back to 12.0 code line as there are no further SP (Service Pack) planned for this release.
In short, the connection is still made over TLSv1.2 protocol but the user being part of role-based config, it is not reflected correctly in connect log hence it shoes PASS(SSL: ) only and not PASS(SSL: TLSv1.2)
Hope this helps.
Thanks,
Hitesh