merely testing for $ssl_protocol breaks upstream proxy only with IE8

rpriyana nginx-forum at nginx.us
Mon Oct 5 22:33:40 UTC 2015


I am on nginx 1.9.4.
One of my https sites cannot be accessed by IE8 in XP and some IE in Win 7
(getting 404).
It seems nginx does the try_files locally and gives up, not going for @proxy.
Works fine with other browsers.

I narrowed it down to this sample config

##### sample config that has issue #####
server {
  listen       *:443 ssl default;
  server_tokens off;

  server_name  bb2.example.com;

  ssl on;

  ssl_certificate           /etc/nginx/default.crt;
  ssl_certificate_key       /etc/nginx/default.key;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;
  ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  root  /var/nginx/www/bb2;

  location / {
        set $unsafe 0;
        if ($ssl_protocol = TLSv1) {
                set $unsafe 1;
        }
    proxy_intercept_errors on;
    proxy_read_timeout  90;
    try_files $uri $uri/index.html @proxy;
    root  /var/nginx/www/bb2;

  }
  location @proxy {
    proxy_pass http://127.0.0.1:8888;
  }

}

####### end of sample config ##############

When I try to access anything that is statically served, it is fine, but
when I access anything proxied, I get a 404 on IE8 WinXP and some Win7.
Other browsers are fine.

I found that the problem disappears if I remove the block

        if ($ssl_protocol = TLSv1) {
                set $unsafe 1;
        }

or if I don't use try_files and directly go for proxy_pass.
But of course I can then no longer locally host static files.

I found that if I check for $ssl_protocol = SSLv3, it does not cause a
problem, only TLSv1.
It doesn't matter if I put any action in the "if" block; as soon as I do a
test, it breaks.

Can anyone shed some light on what is going on there?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,262024,262024#msg-262024
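
Added example, not part of the original post: in nginx, an `if` inside a location whose condition matches switches the request to an implicit nested configuration, and `try_files` is not inherited into it, so a request over TLSv1 never reaches `@proxy` and ends as a static-file 404. One way to set the same flag without `if` is a `map` in the http context; the `X-Unsafe-Protocol` header name is a hypothetical choice, and everything else is taken from the posted config.

```nginx
# Added example (not the poster's config). The map goes in the http{} context.
# map is evaluated lazily when $unsafe is read and creates no implicit
# location, so try_files in "location /" still runs for TLSv1 clients.
map $ssl_protocol $unsafe {
    default 0;
    TLSv1   1;
}

server {
    listen        *:443 ssl default_server;
    server_tokens off;
    server_name   bb2.example.com;

    ssl_certificate           /etc/nginx/default.crt;
    ssl_certificate_key       /etc/nginx/default.key;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_timeout       5m;
    # Protocol list kept from the post. SSLv3 is affected by POODLE;
    # remove it unless those clients must be able to connect.
    ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /var/nginx/www/bb2;

    location / {
        # No "if" here: static files are tried first, then the named location.
        try_files $uri $uri/index.html @proxy;
    }

    location @proxy {
        proxy_intercept_errors on;
        proxy_read_timeout     90;
        # Hypothetical header: tells the backend the client used TLSv1.
        proxy_set_header       X-Unsafe-Protocol $unsafe;
        proxy_pass             http://127.0.0.1:8888;
    }
}
```

Validate with `nginx -t` before reloading; the same `map` can list `SSLv3 1;` as a second entry if that protocol should be flagged too.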