Percona Live Talk by Daniël van Eeden: Protecting MySQL Network Traffic.
Warning: It is somewhat more complicated than this:
Check out the performance slide (#22), too.
Tl;Dr: You want a MySQL compiled against OpenSSL, because SSL Tickets and AES-NI support. YaSSL sucks, hard. With Tickets and hardware symmetric encryption, TLS support in MySQL is actually no longer slow.
Tl;DR 2: MariaDB is actually pretty well positioned here.