That's a client library question.
DBD::mysql implements the mysql_ssl flag which enables the MySQL client library SSL encryption for the socket. Other DBDs may implement similar things for their libraries.
My criteria for good software:
- Does it work?
- Can someone else come in, make a change, and be reasonably certain no bugs were introduced?