mTLS for TCP with istio-proxy

Hi All

I am using rabbitmq and many http application pods with side-car proxy. The mtls policy is permissive. The communication between application pods happening over tls. I am monitoring the port using tcpdump command in istio-proxy. The payload is printed only in encrypted form. But when I monitor for incoming messages from rabbitmq, it’s printing the payload in plain text. Does this mean istio proxy is not able to send the amqp communication between rabbitmq and application pod over tls? I can see the same issue happening for dynomite and redis. Does mTLS doesn’t work for TCP? I am using istio 1.7.4

Command to see tcpdump
‘sudo tcpdump src rabbitmq-pod-ip -A -vv’ .

cc @incfly for permissive mTLS policy.

Istio TLS is using the plain text mode for dynomite and redis also . The TLS is not happening for anything other than http based protocol. Dynomite, redis and rabbitmq are deployed as stateful sets. Does mTLS supports TLS for stateful sets.