Does Ignition by default use encryption (e.g., TLS)? Or is the default state a non-encrypted communication since it typically runs in isolated networks?
Your answer is here:
Ignition versions 8.0.4 and later default to TLS versions 1.2 and 1.3 with a valid certificate. Older versions of Ignition should be upgraded to offer protection against known vulnerabilities.
The default state is unencrypted--you have to install a certificate to enable encryption.