First, generate a dummy self-signed certificate:
openssl req -new -x509 -days 3650 -newkey rsa:2048 -out server.crt -keyout server.key -nodes -subj /CN=dummy
Since SSH already provides its own host key verification, there is no need to verify certificates at the TLS layer too, which is why a dummy certificate and verify=0 are enough (the TLS layer on its own will not detect a man-in-the-middle; the SSH host key check is what does). Once you have this, start a socat service to provide the server side of the TLS tunnel:
sudo socat openssl-listen:443,certificate=server.crt,key=server.key,fork,reuseaddr,verify=0 tcp-connect:localhost:22
sudo is only needed here because 443 is a privileged port; a port at or above 1024 can be bound as a regular user. This will tunnel TLS connections on port 443 to the local SSH server (fork handles each client in its own process, and reuseaddr lets you restart the listener without waiting for the old socket to time out). This requires that you don't already have a web server on the same port.
Then, add the following to your ~/.ssh/config file, which tells ssh to run socat as its ProxyCommand and reach the server over TLS (%h and %p expand to the HostName and Port of the stanza):
Host server
    HostName hostname-of-my-server
    Port 443
    User user
    ProxyCommand socat stdio openssl:%h:%p,verify=0
Then you can run ssh server and the connection will be proxied by socat over TLS on port 443.
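The whole procedure above, collected into one script, as an added example rather than code from the original post. It assumes a certificate directory (CERT_DIR), a listening port (TLS_PORT, defaulting to 8443 so no sudo is needed while trying it out; the post uses 443), a forwarding target (SSH_TARGET) and the placeholder Host stanza values from the post; all of these are assumptions you would replace. It also adds a loopback check that exercises the TLS wrapping against a local echo service, so the tunnel can be tested without touching sshd.

```shell
#!/bin/sh
# Added example (not from the original post): the SSH-over-TLS setup as a
# script. CERT_DIR, TLS_PORT, SSH_TARGET and the stanza values are assumptions.
set -eu

CERT_DIR="${CERT_DIR:-$HOME/.ssh-over-tls}"   # assumption: where the cert lives
TLS_PORT="${TLS_PORT:-8443}"                   # assumption: the post uses 443
SSH_TARGET="${SSH_TARGET:-localhost:22}"       # where socat forwards the plaintext

# 1. Throwaway self-signed certificate. SSH's own host key check does the
#    authentication, so the CN is meaningless and verify=0 is used on both ends.
gen_cert() {
    mkdir -p "$CERT_DIR" && chmod 700 "$CERT_DIR"
    openssl req -new -x509 -days 3650 -newkey rsa:2048 -nodes -subj /CN=dummy \
        -out "$CERT_DIR/server.crt" -keyout "$CERT_DIR/server.key"
    chmod 600 "$CERT_DIR/server.key"   # -nodes leaves the key unencrypted: protect it
}

# Succeeds when binding port $1 needs root (privileged port, non-root user).
needs_root() {
    [ "$1" -lt 1024 ] && [ "$(id -u)" -ne 0 ]
}

# 2. Server side: terminate TLS on TLS_PORT and hand the plaintext to sshd.
start_server() {
    if needs_root "$TLS_PORT"; then
        echo "port $TLS_PORT is privileged: rerun with sudo or set TLS_PORT>=1024" >&2
        return 1
    fi
    socat "openssl-listen:$TLS_PORT,certificate=$CERT_DIR/server.crt,key=$CERT_DIR/server.key,fork,reuseaddr,verify=0" \
          "tcp-connect:$SSH_TARGET"
}

# 3. Client side: print the ~/.ssh/config stanza. %%h/%%p are printf escapes;
#    ssh expands the resulting %h and %p to HostName and Port at connect time.
ssh_config_stanza() {   # args: alias hostname port user
    printf 'Host %s\n    HostName %s\n    Port %s\n    User %s\n    ProxyCommand socat stdio openssl:%%h:%%p,verify=0\n' \
        "$1" "$2" "$3" "$4"
}

# Loopback check of the TLS wrapping without sshd: wrap a local 'cat' echo
# service and talk to it exactly the way the ProxyCommand does.
loopback_test() {
    gen_cert
    socat "openssl-listen:$TLS_PORT,certificate=$CERT_DIR/server.crt,key=$CERT_DIR/server.key,reuseaddr,verify=0" \
          exec:cat &
    pid=$!
    sleep 1
    reply="$(printf 'ping\n' | socat stdio "openssl:127.0.0.1:$TLS_PORT,verify=0")"
    kill "$pid" 2>/dev/null || true
    [ "$reply" = "ping" ]
}

case "${1:-}" in
    cert)     gen_cert ;;
    server)   start_server ;;
    config)   ssh_config_stanza server hostname-of-my-server "$TLS_PORT" user ;;
    loopback) loopback_test && echo "TLS loopback OK" ;;
esac
```

Run `cert` and then `server` on the server host, append the output of `config` to ~/.ssh/config on the client, and use `loopback` on either side to confirm socat and the certificate work before involving sshd. If you keep TLS_PORT at 443 you still need sudo for the server step, as in the post.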