Egress TLS originated from istio-proxy to external service for a TCP protocol

Is it possible to initiate TLS from the istio-proxy to an external service for TCP?

I'd like the main container to initiate a TCP connection on port 2501 to an external service and have the istio-proxy intercept it and start a TLS connection to the external service on port 2500.

I managed to have the istio-proxy route the TCP connection to a different port, but I failed to have it initiate a TLS connection (simple or mutual).

I was wondering if this is something that should work or if it should be done by a TCP/TLS proxy.
The TCP protocol is not HTTP/gRPC; it is a custom protocol.


Sorry for the noise, but in the end I managed to make egress TCP to istio-proxy and then mTLS from istio-proxy to an external service following egress-tls-origination.
I just changed the service entry with TCP for the clear port and added addresses (needed from TCP service entry).
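
The setup described in the follow-up, written out as an added example (not the poster's own manifests): a TCP ServiceEntry that accepts plaintext on port 2501 and forwards to 2500, plus a DestinationRule that makes the sidecar originate mutual TLS. The host name, the address, the resource names and the certificate paths are constructed placeholders.

```yaml
# Added example. tcp.example.com, 192.0.2.10 and the /etc/certs/... paths
# are placeholders, not values from the thread.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-tcp
spec:
  hosts:
  - tcp.example.com
  # A TCP listener cannot match on a Host header, so the sidecar binds it to
  # this address and port; without it the listener would claim port 2501 for
  # every destination.
  addresses:
  - 192.0.2.10
  location: MESH_EXTERNAL
  resolution: DNS
  ports:
  - number: 2501        # port the application dials in plaintext
    name: tcp-clear
    protocol: TCP
    targetPort: 2500    # TLS port on the external service
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: external-tcp-tls
spec:
  host: tcp.example.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 2501    # matches the ServiceEntry port, not targetPort
      tls:
        mode: MUTUAL    # SIMPLE if the server does not ask for a client cert
        # These files must be mounted into the istio-proxy container.
        clientCertificate: /etc/certs/client/tls.crt
        privateKey: /etc/certs/client/tls.key
        # CA bundle and SAN check so the proxy verifies the server it reaches.
        caCertificates: /etc/certs/client/ca.crt
        subjectAltNames:
        - tcp.example.com
        sni: tcp.example.com
```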