Everything you need to know about TLS perfect forward secrecy — summed up in layman’s terms
If you ask a hundred ordinary web users to tell a safe website from an unsafe one, 90 of them would likely point to the padlock in the browser address bar. In one way, that’s good; in another way, not so much. It’s good because users are able to identify SSL-enabled websites, and it’s a concern because not all SSL-enabled websites are safe.
Today, we’re going to talk about SSL/TLS perfect forward secrecy (PFS), an SSL/TLS feature that most website administrators aren’t aware of, let alone common users. In a nutshell, it’s a way to protect individual channels of communication even in the unlikely event that a hacker cracks a server’s private key.