If I have a backend implementation for TLS, does Ingress NGINX expose it correctly?

I'm exposing an MQTT service through an Ingress NGNIX with the following configuration:

ConfigMap:

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-tcp-microk8s-conf
  namespace: ingress
#Add the service we want to expose
data:
  1883: "default/mosquitto-broker:1883"

DaemonSet:

---
apiVersion: apps/v1
kind: DaemonSet
   ...
spec:
  selector:
    matchLabels:
      name: nginx-ingress-microk8s
  template:
    metadata:
   ...
    spec:
      ...
        ports:
        - containerPort: 80
        - containerPort: 443
#Add the service we want to expose
        - name: prx-tcp-1883
          containerPort: 1883
          hostPort: 1883
          protocol: TCP
        args:
        - /nginx-ingress-controller
        - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf
        - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf
        - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf
        $DEFAULT_CERT
        $EXTRA_ARGS

I have configured the MQTT broker to use TLS in the backend. When I run the broker in my machine, outside the kubernetes cluster, Wireshark detects the messages as TLS, and it doesn't show anything about MQTT:

However, if I run the broker inside the cluster, it shows that im using MQTT, and nothing about TLS. But the messages aren't read correctly:

And finally, if I run the MQTT broker inside the cluster without TLS, Wireshark detects correctly the MQTT pakcets:

My question is: Is the connection encrypted when I use TLS inside the cluster? It's true that Wireshark doesn't show the content of the packets, but it knows I'm using MQTT. Maybe it's because the headers aren't encrypted, but the payload is? Does anyone knows exactly?