SQL Server has supported SSL for a number of years and you can enable SSL encryption for your Availability Group listeners to encrypt your data in transit.

When connecting to an availability group listener, if the participating instances of SQL Server use SSL certificates in conjunction with session encryption, the connecting client driver will need to support the Subject Alternate Name in the SSL certificate in order to force encryption.

Example: In this case there are 3 listeners in the SAN of the SSL certificate

CN = vintdbs003.stage.xyz.com.au

SAN = vintdbs003.stage.xyz.com.au,virlidbs001.stage.xyz.com.au, virlidbs003.stage.xyz.com.au, virlidbs005.stage.xyz.com.au