Does Egress TLS Origination works for TCP app instead of HTTP

I am following Istio / Egress TLS Origination
I have tested and it works for HTTP to HTTPS conversion.

I have a client app that sends TCP traffic out (not HTTP) and I want to convert to TCP encrypted with TLS.
How should I configure serviceEntry?

This setup doesn’t work.


  • name: tcp-port
    number: 9000
    protocol: TCP
    targetPort: 15443
  • name: tls-port
    number: 15443
    protocol: TLS
    resolution: DNS