Viewing debug logs on control links, I'm pretty sure control traffic isn't encrypted. I've never seen a "decrypt" message in the log.
As far as the fabric port.... if the traffic comnes into the SRX encrypted, it transits the fabric port encrypted. Even if the traffic terminates on one node, but comes in another node, it has to remain encrypted for the correct SPC on the other node to decrypt it.