I added two verified email addresses to SES so that I could send emails from/to them while in the SES Sandbox.

class UserMailer < ApplicationMailer
  default from: 'accounts+aws-ses@gofreerange.com'

  def welcome_email
    mail(to: 'chris.roos@gofreerange.com', subject: 'Welcome to My Awesome Site')
  end
end

This results in an SSL error.

config.action_mailer.smtp_settings = {
  address: 'email-smtp.eu-west-1.amazonaws.com',
  port:	25,
  enable_starttls_auto: true,
  tls: true,
  ssl: true,
  user_name: '<username>',
  password: '<password>'
}

$ rails c
> UserMailer.with({}).welcome_email.deliver_now
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol

This results in an SSL error.

config.action_mailer.smtp_settings = {
  address: 'email-smtp.eu-west-1.amazonaws.com',
  port:	25,
  enable_starttls_auto: true,
  tls: true,
  user_name: '<username>',
  password: '<password>'
}

$ rails c
> UserMailer.with({}).welcome_email.deliver_now
> OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol

This results in an SSL error.

config.action_mailer.smtp_settings = {
  address: 'email-smtp.eu-west-1.amazonaws.com',
  port:	25,
  enable_starttls_auto: true,
  ssl: true,
  user_name: '<username>',
  password: '<password>'
}

$ rails c
> UserMailer.with({}).welcome_email.deliver_now
> OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol

This works correctly. And presumably encrypts the traffic.

config.action_mailer.smtp_settings = {
  address: 'email-smtp.eu-west-1.amazonaws.com',
  port:	25,
  enable_starttls_auto: true,
  user_name: '<username>',
  password: '<password>'
}