To encrypt traffic to sql you have two choices, they both work over the actual sql port (default instance = 1433).
The first is to enable encryption through the server configuration - what happens is a client connects and if it is allowed to use encryption after the first initial packets and before any data is transferred over the network the channel is encrypted.
The second choice is to encrypt at the ip level and use something like ipsec.
Either way they both work over the normal port (generally 1433) or if it is an instance then whatever that listens on.
ed