It is often a confusion whether the client connection or the replication slave is using encryption while connecting to the MySQL server. The below query can tell you whether your connection is using encryption or not
SELECT sbt.variable_value AS tls_version, t2.variable_value AS cipher, processlist_user AS user, processlist_host AS host FROM performance_schema.status_by_thread AS sbt JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id WHERE sbt.variable_name = 'Ssl_version' and t2.variable_name = 'Ssl_cipher' ORDER BY tls_version;
Of course, there are other options to find out. But this one will list all the connections which use or do not use encryption. This worked for me on MySQL 5.7. I have not tried this on other versions and for sure this does not work on some of the older versions of MySQL where we do not have performance_schema.