Outbound Traffic Policy: REGISTRY_ONLY , sidecar ALLOW_ANY works for various ports but fails for port 80 (http)

### Bug Description

I have the global mesh set to: Outbound Traffic Policy: REGISTRY_ONLY but I have a sidecar entry as follows:
```
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: curl
  namespace: apps
spec:
  outboundTrafficPolicy:
    mode: ALLOW_ANY
  workloadSelector:
    labels:
      app: curl
```
No service entries specified in the apps namespace.

works as expected: 
curl https://www.cnn.com

returns a 502 bad gateway:
curl http://www.cnn.com

when the sidecar entry is deleted
 curl https://www.cnn.com
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.cnn.com:443 

### Version

```prose
istioctl version
client version: 1.12.4
control plane version: 1.12.4
data plane version: 1.12.4-tetratefips-v0 (79 proxies)

kubectl version --short
Client Version: v1.22.5
Server Version: v1.21.12-eks-a64ea69
```


### Additional Information

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Outbound Traffic Policy: REGISTRY_ONLY , sidecar ALLOW_ANY works for various ports but fails for port 80 (http) #39794

Bug Description

Version

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Outbound Traffic Policy: REGISTRY_ONLY , sidecar ALLOW_ANY works for various ports but fails for port 80 (http) #39794

Description

Bug Description

Version

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions