To setup SSL connections for MySQL you need three things...
A Certificate Authority (CA) certificate
A server public key certificate file
A server private key file
NOTE: As of MySQL 5.7.35, the TLSv1 and TLSv1.1 connection protocols are deprecated and support for them is subject to removal in a future MySQL version. (1)
# TLS
ssl-ca = CA.cer
ssl-cert = cert.pem
ssl-key = key.pem
tls-version = TLSv1.2
Other variables...
require_secure_transport
ssl_capath
ssl_cipher
ssl_crl
ssl_crlpath
tls_ciphersuites
These messages are common in the mysql.log at instance startup when the instance reads SSL/TLS config from my.cnf...
The following status variables are relevant...
tls_library_version
SELECT variable_name, variable_value
FROM performance_schema.global_status
WHERE variable_name LIKE 'current_tls%';