Ever wondered what forward secrecy is and how it applies to SSL/TLS? Forward secrecy protects current encryption even in the event of a future crack of a long term private key. Using ephemeral keying in TLS with DHE or ECDHE yields this protection because the temporary key is unique and never used again. So even if the server`s private key is cracked two years from now your current communication is still secure. wolfSSL offers several cipher suites that give users this added security:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
If you have any comments or questions please let us know.
Happy Thanksgiving,
Team yaSSL