Why is forwarding a Host header from the previous request with mTLS not working?

So I had a working mTLS service mesh until one of the services got updated with some header manipulation logic. This logic was getting the headers from the request the service got, and then adding those headers to the request this service was making to another one.

With this logic in place, mTLS was broken between this service and the next one, and if I activate PERMISSIVE mode, the connection works as usual.

So then I went to this service’s container and did a curl request to the next service, but without the Host header, and the request came through.

So, same request, just that without the Host header mTLS works, and with the Host header it doesn’t.

I would like to know the reason why this happens. Is it related to mTLS and how both services are trusting each other?