Forward Secrecy (PFS)
A property of a key exchange mechanism where compromising the server's long-term private key does not allow decryption of previously recorded encrypted sessions. Forward secrecy is achieved by generating a unique ephemeral session key for each connection via Diffie-Hellman (DHE) or elliptic-curve Diffie-Hellman (ECDHE) key exchange. TLS 1.3 mandates forward secrecy by removing static RSA key exchange entirely. Without PFS, a single key compromise allows bulk decryption of all past traffic.
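As an added illustration (not part of the original glossary entry), the check below classifies IANA-style TLS cipher suite names by whether their key exchange is one of the ephemeral mechanisms named above. The function names and the sample suite list are constructed for this example.

```python
import re

# TLS 1.3 suite names carry no key-exchange token (TLS_<AEAD>_<HASH>).
# (A PSK-only resumption is negotiated by extension and is not visible in the name.)
_TLS13 = re.compile(r"^TLS_(AES_\d+_(GCM|CCM)(_8)?|CHACHA20_POLY1305)_SHA\d+$")
_LEGACY = re.compile(r"^TLS_(.+?)_WITH_")

# Conservative allowlist: only the two ephemeral mechanisms the entry names.
EPHEMERAL = {"DHE", "ECDHE"}


def key_exchange(suite: str) -> str:
    """Return the key-exchange token of an IANA cipher suite name."""
    if _TLS13.match(suite):
        return "TLS1.3"
    m = _LEGACY.match(suite)
    if not m:
        raise ValueError(f"not an IANA cipher suite name: {suite!r}")
    return m.group(1)  # e.g. "ECDHE_RSA", "RSA", "ECDH_ECDSA"


def has_forward_secrecy(suite: str) -> bool:
    """True if the suite's key exchange is ephemeral (DHE/ECDHE) or TLS 1.3."""
    kx = key_exchange(suite)
    if kx == "TLS1.3":
        return True
    # "ECDH" and "DH" (no trailing E) are static variants and are rejected.
    return kx.split("_")[0] in EPHEMERAL


def audit(suites):
    """Return the suites that would allow retroactive decryption after key compromise."""
    return [s for s in suites if not has_forward_secrecy(s)]


# Constructed sample of a server's enabled suites.
SAMPLE_SUITES = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite in audit(SAMPLE_SUITES):
        print("no forward secrecy:", suite)
```

Any suite this reports should be disabled in the server configuration so that only ephemeral key exchange can be negotiated.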