We pass only field-level encrypted traffic from API Gateway to the NLB, using TCP as the protocol. Can we send the traffic from the NLB to EC2 with protocol TCP?


I used the Amazon Q assistant for a query and this is the result.

Question: What is the recommended protocol between NLB & EC2?

Answer: The recommended protocol between a Network Load Balancer (NLB) and EC2 instances is TCP. Some best practices include:

  1. Install a web server like Apache or Nginx on the EC2 instances registered with the NLB.
  2. Enable TCP keep-alive on the EC2 instances to allow the NLB to reuse connections for multiple client requests, improving throughput.
  3. Allow ICMP fragmentation messages in the EC2 security groups to enable Path MTU Discovery for the NLB.
  4. To pass encrypted traffic directly to EC2 instances without decrypting at the NLB, create a TCP listener on port 443 instead of a TLS listener. The NLB will pass requests as-is to the targets.
  5. Configure the target group protocol as TLS only if terminating SSL at the NLB. Otherwise, TCP is sufficient.

You can test NLB connectivity from EC2 using tools like curl, wget or netcat on the listener port rather than attempting to ping the NLB directly. Refer to the AWS documentation for more details on networking best practices.

I have doubts about the 4th and 5th points in the above answer.

What exactly does encrypted data mean? We pass only field-level encrypted traffic from API Gateway to the NLB, using TCP as the protocol. Can we send the traffic from the NLB to EC2 with protocol TCP?

1 answer

Yes, you can send TCP traffic from the NLB to EC2. By encrypted, they mean TLS or HTTPS traffic that needs SSL termination. The 4th point says that if you don't want TLS termination at the NLB, use a TCP listener at the NLB.

There are two listeners: one at the NLB and one at EC2 (the backend target).

AWS
Expert
Answered 2 months ago
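To make the listener/target-group pairing in points 4 and 5 concrete, here is an added example (not from the re:Post answer or from AWS documentation). It classifies where TLS terminates for a given pair of protocols, builds the pass-through configuration the answer describes (TCP listener on 443 forwarding to a TCP target group on 443) with the AWS CLI, and checks from a client that the certificate seen through the NLB is the one installed on the EC2 instance. Every ARN, VPC ID, instance ID and DNS name is a placeholder to be replaced; the function names and the termination labels are this example's own.

```shell
#!/bin/sh
# Added example: NLB TLS pass-through (TCP listener -> TCP target group).
# All identifiers passed to the functions below are placeholders, not values
# from the thread.

# tls_termination LISTENER_PROTO TARGET_PROTO
#   Prints which hop terminates TLS for an NLB listener / target-group pair:
#     passthrough - NLB forwards the bytes as-is, EC2 terminates TLS (point 4)
#     nlb         - NLB terminates TLS and sends plaintext to EC2 (point 5)
#     reencrypt   - NLB terminates TLS and opens a new TLS session to EC2
#     invalid     - pairing not usable (a TCP listener cannot add TLS)
tls_termination() {
  listener=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  target=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
  case "$listener/$target" in
    TCP/TCP) echo "passthrough" ;;
    TLS/TCP) echo "nlb" ;;
    TLS/TLS) echo "reencrypt" ;;
    *)       echo "invalid" ;;
  esac
}

# create_passthrough LB_ARN VPC_ID INSTANCE_ID
#   Creates the pass-through setup: no certificate is attached to the listener,
#   so the NLB never decrypts anything; the EC2 instance must hold the server
#   certificate and its security group must allow inbound 443 from the NLB.
create_passthrough() {
  lb_arn=$1
  vpc_id=$2
  instance_id=$3

  # TCP target group on 443 (not TLS: the NLB is not terminating, so it has
  # nothing to re-encrypt).
  tg_arn=$(aws elbv2 create-target-group \
      --name tls-passthrough-tg \
      --protocol TCP --port 443 \
      --vpc-id "$vpc_id" --target-type instance \
      --health-check-protocol TCP \
      --query 'TargetGroups[0].TargetGroupArn' --output text)

  aws elbv2 register-targets \
      --target-group-arn "$tg_arn" \
      --targets "Id=$instance_id"

  # TCP listener on 443 (not TLS): requests are forwarded as-is to the targets.
  aws elbv2 create-listener \
      --load-balancer-arn "$lb_arn" \
      --protocol TCP --port 443 \
      --default-actions "Type=forward,TargetGroupArn=$tg_arn"
}

# verify_passthrough NLB_DNS_NAME
#   Prints the subject and issuer of the certificate a client sees through the
#   NLB. With pass-through this is the certificate installed on the EC2
#   instance; if it were the NLB's own (ACM) certificate, the NLB would be
#   terminating TLS, which is the point-5 case, not point 4.
verify_passthrough() {
  nlb_dns=$1
  openssl s_client -connect "$nlb_dns:443" -servername "$nlb_dns" \
      </dev/null 2>/dev/null | openssl x509 -noout -subject -issuer
}

# Usage (placeholders):
#   tls_termination TCP TCP        # -> passthrough
#   create_passthrough arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/net/NAME/ID vpc-PLACEHOLDER i-PLACEHOLDER
#   verify_passthrough NAME-ID.elb.REGION.amazonaws.com
```

The field-level encryption applied before API Gateway is an application-payload matter and is untouched by either choice here; what the listener protocol decides is only whether the TLS session itself ends at the NLB or at the EC2 instance.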
