[Areading314]

I would expect most databases that are listening to public internet connections are doing so by accident

[imtringued]

That sounds like a very good reason to add another security layer like client certificate authentication.

[Areading314]

Not really. Most of the time setting up a segregated network architecture is actually easier than dealing with encrypted database connections -- certificate management is by nature dynamic vs. the static nature of a secure network