diff --git a/pkg/config/config.go b/pkg/config/config.go
index a4534fc51..f27c7865e 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -134,7 +134,7 @@ const (
 	// hostname for a Route's tag.
 	TagTemplateKey = "tag-template"
 
-	// InternalEncryptionKey is deprecated and replaced by InternalDataplaneTrustKey and internal-controlplane-trust
+	// InternalEncryptionKey is deprecated and replaced by InternalDataplaneTrustKey and ControlplaneTrustKey.
 	// InternalEncryptionKey is the name of the configuration whether
 	// internal traffic is encrypted or not.
 	InternalEncryptionKey = "internal-encryption"
@@ -445,9 +445,17 @@ func NewConfigFromMap(data map[string]string) (*Config, error) {
 	return nc, nil
 }
 
-// InternalTLSEnabled returns whether or not dataplane-trust is disabled
+// InternalTLSEnabled returns whether or not InternalEncyrption is enabled.
+// Currently only DataplaneTrust is considered.
 func (c *Config) InternalTLSEnabled() bool {
-	return c.DataplaneTrust != TrustDisabled
+	return tlsEnabled(c.DataplaneTrust)
+}
+
+func tlsEnabled(trust Trust) bool {
+	return trust == TrustMinimal ||
+		trust == TrustEnabled ||
+		trust == TrustMutual ||
+		trust == TrustIdentity
 }
 
 // GetDomainTemplate returns the golang Template from the config map