S3 replication with encryption help

Hi…trying to use the aws_s3_bucket resource (https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#source_selection_criteria) to setup an encrypted S3 bucket with replication. Everything works except for source replication config doesnt select the source Replicate objects encrypted with AWS KMS key. If I look at the gui at the replication setting the box is checked but no KMS item is selected. I can’t figure out which TF item sets that. Does anyone know?

resource "aws_s3_bucket" "source_bucket" {
  provider = aws.central
  bucket   = "tf-test-bucket-12345888888x"
  acl      = "private"
  region   = "eu-central-1"

  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = aws_kms_key.kms_source_bucket.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }

  replication_configuration {
    role = aws_iam_role.replication.arn

    rules {
      // id     = "all"
      prefix = ""
      status = "Enabled"

      destination {
        bucket             = aws_s3_bucket.destination_bucket.arn
        storage_class      = "STANDARD"
        replica_kms_key_id = aws_kms_key.kms_destination_bucket.arn
      }

      source_selection_criteria {
        sse_kms_encrypted_objects {
          enabled = "true"
        }
      }
    }
  }
}

Feels like i am missing the source kms ID in the source_selection_criteria block but in the docs there is no option for it.