MySQL: enable encrypted transmission of data

To encrypt data in transit between clients and a MySQL/MariaDB server, first check whether your MariaDB server was compiled with TLS (SSL) support:

SHOW GLOBAL VARIABLES LIKE 'have_ssl';

The possible values are:

If it is DISABLED, then the server was compiled with TLS support, but TLS is not enabled.

If it is YES, then the server was compiled with TLS support, and TLS is enabled.

If it is NO, then the server was not compiled with TLS support.

Next, check which TLS protocol versions your server supports:

SHOW GLOBAL VARIABLES LIKE 'tls_version';

https://mariadb.com/kb/en/securing-connections-for-client-and-server/

Enabling TLS for MariaDB Server

In order to enable TLS on a MariaDB server that was compiled with TLS support, there are a number of system variables that you need to set, such as:

You need to set the path to the server’s X509 certificate by setting the ssl_cert system variable.

You need to set the path to the server’s private key by setting the ssl_key system variable.

You need to set the path to the certificate authority (CA) chain that can verify the server’s certificate by setting either the ssl_ca or the ssl_capath system variables.

If you want to restrict the server to certain ciphers, then you also need to set the ssl_cipher system variable.

For example, to set these variables for the server, add the system variables to a relevant server option group in an option file:

[mariadb]
...
ssl_cert = /etc/my.cnf.d/certificates/server-cert.pem
ssl_key = /etc/my.cnf.d/certificates/server-key.pem
ssl_ca = /etc/my.cnf.d/certificates/ca.pem

And then restart the server to make the changes persistent.
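
Before restarting, it helps to confirm that the option file really carries the settings listed above in a group the server reads. The following is an added example, not part of the original post or of MariaDB: the function names, the sample text and the chosen subset of server groups are assumptions made for illustration.

```python
import configparser

# A subset of the option groups the server reads (assumption of this example).
SERVER_GROUPS = ("server", "mysqld", "mariadb")

# Constructed sample input, mirroring the option file shown above.
SAMPLE = """\
!includedir /etc/my.cnf.d
[mariadb]
ssl_cert = /etc/my.cnf.d/certificates/server-cert.pem
ssl_key = /etc/my.cnf.d/certificates/server-key.pem
ssl_ca = /etc/my.cnf.d/certificates/ca.pem
"""

def server_tls_options(text):
    """Collect ssl_* options from the server groups of an option file."""
    # configparser cannot parse !include / !includedir directives; drop them.
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("!"))
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None, delimiters=("=",))
    parser.read_string(body)
    opts = {}
    for group in SERVER_GROUPS:
        if parser.has_section(group):
            for name, value in parser.items(group):
                # Option files accept ssl-cert and ssl_cert interchangeably.
                name = name.replace("-", "_")
                if name.startswith("ssl_"):
                    opts[name] = (value or "").strip()
    return opts

def audit_tls_options(text):
    """Return findings for TLS settings the server needs but does not have."""
    opts = server_tls_options(text)
    findings = [f"{name} is not set" for name in ("ssl_cert", "ssl_key")
                if not opts.get(name)]
    if not (opts.get("ssl_ca") or opts.get("ssl_capath")):
        findings.append("neither ssl_ca nor ssl_capath is set")
    return findings

if __name__ == "__main__":
    for finding in audit_tls_options(SAMPLE) or ["TLS options present"]:
        print(finding)
```

The check only reads the text it is given: it does not follow included files or test that the certificate and key files exist, so still confirm have_ssl reports YES after the restart.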

https://kitson-consulting.co.uk/blog/configure-mysql-mariadb-ssl-tls
https://mariadb.com/kb/en/securing-connections-for-client-and-server
https://mariadb.com/kb/en/secure-connections-overview
https://mariadb.com/kb/en/data-at-rest-encryption-overview
