I have the following Envoy configuration (.yaml) that works perfectly when I proxy to an internal service:

static_resources:
  listeners:
  - address:
      socket_address:
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filterswork.tcp_proxy
        typed_config:
          "@type": type.googleapis/envoy.extensions.filterswork.tcp_proxy.v3.TcpProxy
          cluster: service-https
          stat_prefix: https_passthrough

  clusters:
  - name: service-https
    type: STRICT_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service-https
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: service-https
                port_value: 443

This works fine, and I can make requests like:

curl -k :10003/

However, when I change the cluster destination to example, like this:

address: example

I get the following SSL error:

curl -k :10003/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.0.0.1:10003

I've confirmed that example is accessible from the Envoy instance (outside of Envoy).

Any ideas on why this might be happening, and how I can fix it?