diff --git a/pkg/miscellaneous/miscellaneous.go b/pkg/miscellaneous/miscellaneous.go
index 06d9ba78c..e7161af6c 100644
--- a/pkg/miscellaneous/miscellaneous.go
+++ b/pkg/miscellaneous/miscellaneous.go
@@ -56,7 +56,7 @@ const (
 // ScaledToMultiNodeAnnotationKey defines annotation key for scale-up to multi-node cluster.
 ScaledToMultiNodeAnnotationKey = "gardener.cloud/scaled-to-multi-node"
- httpProtocol = "http"
+ https = "https"
 // etcdWrapperPort defines the port no. used by etcd-wrapper.
 etcdWrapperPort = "9095"
@@ -610,16 +610,25 @@ func IsPeerURLTLSEnabled() (bool, error) {
 if err != nil {
 return false, fmt.Errorf("failed to get initial advertise peer URLs: %w", err)
 }
+
+ peerURLsSchemes := make([]string, 0)
 for _, peerURL := range memberPeerURLs {
 parsedPeerURL, err := url.Parse(peerURL)
 if err != nil {
 return false, fmt.Errorf("failed to parse peer URL %s: %w", peerURL, err)
 }
- if parsedPeerURL.Scheme == httpProtocol {
- return false, nil
- }
+ peerURLsSchemes = append(peerURLsSchemes, parsedPeerURL.Scheme)
 }
- return true, nil
+
+ sort.Strings(peerURLsSchemes)
+
+ if peerURLsSchemes[0] != peerURLsSchemes[len(peerURLsSchemes)-1] {
+ return false, fmt.Errorf("peer URLs have different schemes")
+ }
+ if peerURLsSchemes[0] == https {
+ return true, nil
+ }
+ return false, nil
 }
 // GetPrevScheduledSnapTime returns the previous schedule snapshot time.
diff --git a/pkg/miscellaneous/miscellaneous_test.go b/pkg/miscellaneous/miscellaneous_test.go
index f8c692806..9eeb195ab 100644
--- a/pkg/miscellaneous/miscellaneous_test.go
+++ b/pkg/miscellaneous/miscellaneous_test.go
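Review bot: In IsPeerURLTLSEnabled (pkg/miscellaneous/miscellaneous.go), `peerURLsSchemes[0]` is indexed without a length check, so an empty `memberPeerURLs` would panic where the old loop simply fell through to `return true, nil`. Whether the lookup above the hunk already rejects an empty list is not visible here, so a guard before the comparison is worth having: `if len(peerURLsSchemes) == 0 { return false, fmt.Errorf("no peer URLs found") }`. The sort is also more than the check needs; comparing each scheme with the first inside the existing loop would detect a mix without the extra slice. It may be worth naming the schemes found in the error text, since a peer listener left on `http` is exactly what an operator needs to locate. The function's opening lines are outside the hunk.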
@@ -888,6 +888,30 @@ initial-cluster: etcd1=https://0.0.0.0:2380`
 })
 })
+ Context("with both TLS and non-TLS enabled peer url for the same pod", func() {
+ BeforeEach(func() {
+ etcdConfigYaml := `name: etcd1
+initial-advertise-peer-urls:
+ test_pod1:
+ - https://etcd-main-peer.default:2380
+ - http://etcd-main-peer.default:2381
+ test_pod2:
+ - https://etcd-main-peer.default:2380
+ - https://etcd-main-peer.default:2381
+ test_pod3:
+ - https://etcd-main-peer.default:2380
+ - https://etcd-main-peer.default:2381
+initial-cluster: etcd1=https://0.0.0.0:2380`
+ err := os.WriteFile(outfile, []byte(etcdConfigYaml), 0755)
+ Expect(err).ShouldNot(HaveOccurred())
+ })
+ It("should return error", func() {
+ enabled, err := IsPeerURLTLSEnabled()
+ Expect(err).Should(HaveOccurred())
+ Expect(enabled).To(BeFalse())
+ })
+ })
+
 Context("with empty peer url passed", func() {
 BeforeEach(func() {
 etcdConfigYaml := `name: etcd1
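Review bot: The new `It("should return error", …)` case only asserts that some error occurred, so it would also pass if the failure came from reading or parsing the config rather than from the scheme comparison. Pinning the message, e.g. `Expect(err).Should(MatchError(ContainSubstring("different schemes")))`, ties the test to the mixed http/https rejection it is meant to cover. The fixture is also written with mode `0755`; a YAML config has no need for execute bits, and `0600` would be the tighter choice, assuming nothing else in the suite depends on that mode. Which pod's URLs the function reads is set up outside this hunk, so the claim that test_pod1 is the member under test cannot be checked from here.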