Lightboard Lessons: Unexpected Side Effects of Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is a great security feature that protects client and server data from being decrypted in the future.  Many web servers today prefer PFS ciphers, but there are a few things to keep in mind when turning on PFS ciphers on web servers.  In this video, we discuss a few of the things to keep in mind as you move toward PFS ciphers.  Enjoy!  

Related Resources:

Published May 17, 2017
Version 1.0

Was this article helpful?


  • Hi,


    Another great video! I wonder what possible solution can be used in case of bank example. Only one I can see right now is using somewhere SSL Bridging, so Internet facing service is protected with PFS type of ciphers and inside side with some weaker ciphers that can be decrypted using private key.




  • Thanks Piotr! Yes, that could be one will be interesting to see what people recommend as we are forced to move to PFS only in the future. I'm sure some interesting solutions will be proposed!!


  • BTW, what has to be compromised in case of PFS to decrypt session? server random number, client random number or both?




  • It would only take compromising one of the random numbers because you could then take the known, calculated value from the other (because it is shared in plaintext) and create the shared bulk encryption key from there. This is why it's good to use ephemeral keys because the random numbers from client and server will change with every session. So, even if you compromised the random number for one session, you would only have the data from that one session...not all sessions. Hope this helps!