edge-router with encryption disabled fails

[dovholuknf]

• start the docker compose environment (ziti/quickstart/docker/docker-compose.yml). Make sure port 1408 is open...
• log into zac at http://localhost:1408
• create a new service - notice the encryption is checked ON - "encryptionRequired": true
• create policies, test intercept and host configs, (tcp:web-test-blue:8000 is available from @ziti-private-blue) - see things work perfectly
• add new "withoutEncryption" service where encryptionRequired: false
• create bind/dial policies, test.

Expected Result:

Both services should work

Observation:

Router successfully attachs to remote target - but "local client" shows failure. Router logs show:

ziti-private-blue_1               | [1373.253]    INFO edge/router/xgress_edge_tunnel.(*tunneler).Dial |establishPath|: {sessionId=[cl5h1pr8q01248eno6uzq6xjt] apiSessionId=[cl5h1pirh011s8eno5kauw916] circuitId=[KlUvw7DFl] serviceId=[GLFvuKPnYB] destination=[6ac048ea-bdf6-4920-a7f8-87be92763736] attemptNumber=[1] binding=[edge]} successful connection 172.30.0.6:48012->172.30.0.3:8000 for destination 6ac048ea-bdf6-4920-a7f8-87be92763736

curl will report "empty reply from server"

curl -v m5 without.docker.whale
* Could not resolve host: m5
* Closing connection 0
curl: (6) Could not resolve host: m5
*   Trying 100.64.0.11:80...
* TCP_NODELAY set
* Connected to without.docker.whale (100.64.0.11) port 80 (#1)
> GET / HTTP/1.1
> Host: without.docker.whale
> User-Agent: curl/7.68.0
> Accept: */*
>
* Empty reply from server
* Connection #1 to host without.docker.whale left intact
curl: (52) Empty reply from server