It’s something akin to a layer violation to have a database server running openssl and encrypting its own communication. It isn’t it’s business at all.
This is one of the most disappointing hackernews submissions I have seen in a while. I use a private CA and client certificate authentication. It might be overkill but it is easy to implement.