Configuring TLS connections between components
Network connections between the components of the SES Evolution solution are protected by TLS. To configure connections that use TLS, components rely on the configuration of the operating system on backend servers and agent handlers.
For more secure TLS connections, we recommend disabling the weakest encryption algorithms.
You can choose either of the following methods to configure such connections.
NOTE
If any of the other applications installed on the server also use TLS, changes made to the configuration will affect them.
- Open the group policy editor (gpedit.msc).
- Select Computer configuration > Policies > Administrative templates > Network > SSL configuration settings.
- In the panel on the right, double-click on SSL cipher suite order.
- The SSL cipher suite order window opens. Select the Enabled option.
- In the SSL cipher suites field, paste the following value on a single line without spaces:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384
- Deploy this configuration on the servers hosting the backend and SES Evolution agent handlers.
- Run the following PowerShell script with administrator privileges on the servers hosting the backend and SES Evolution agent handlers:
# Cipher suites that stay enabled; every other suite is disabled by the last line.
$AllowedSuites = `
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', `
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', `
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', `
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', `
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', `
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', `
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', `
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', `
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', `
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', `
'TLS_RSA_WITH_AES_128_CBC_SHA256', `
'TLS_RSA_WITH_AES_128_GCM_SHA256', `
'TLS_RSA_WITH_AES_256_CBC_SHA256', `
'TLS_RSA_WITH_AES_256_GCM_SHA384'
# Disable each currently enabled cipher suite whose name is not in the allow list.
Get-TlsCipherSuite | foreach { $_.Name } | where { $AllowedSuites -notcontains $_ } | Disable-TlsCipherSuite
- Restart the servers to apply the new configuration.
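The following read-only check is an added example, not part of the SES Evolution documentation or tooling: it compares the cipher suites enabled on a server with the allow list above, so you can see beforehand which suites the change would disable for other TLS applications on the server, and confirm the result after the restart. The function name Test-CipherSuiteAllowList and the sample input are assumptions made for this example.

```powershell
# Allow list copied from the procedure above.
$AllowedSuites = @(
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384'
)

# Hypothetical helper: reports drift between enabled suites and the allow list.
# It changes nothing on the system.
function Test-CipherSuiteAllowList {
    param(
        [Parameter(Mandatory)] [string[]] $Allowed,
        # Defaults to the suites currently enabled on this machine.
        [string[]] $Enabled = (Get-TlsCipherSuite | ForEach-Object { $_.Name })
    )
    # Enabled but not allowed: these are the suites the procedure disables.
    $unexpected = @($Enabled | Where-Object { $Allowed -notcontains $_ } | Sort-Object -Unique)
    # Allowed but not enabled: not offered by this Windows version or already disabled.
    $notPresent = @($Allowed | Where-Object { $Enabled -notcontains $_ })
    [pscustomobject]@{
        Compliant  = ($unexpected.Count -eq 0)
        Unexpected = $unexpected
        NotPresent = $notPresent
    }
}

# Constructed sample input: one allowed suite and two suites outside the list.
$sample = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
          'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
          'TLS_AES_256_GCM_SHA384'
Test-CipherSuiteAllowList -Allowed $AllowedSuites -Enabled $sample | Format-List

# Live check against the local server.
Test-CipherSuiteAllowList -Allowed $AllowedSuites | Format-List
```

With the constructed sample, Compliant is False and Unexpected lists the two suites that are not in the allow list.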