Doubt in forward secrecy concept in TLSencryption

i’m looking through docs to setup TLS in mongodb instance.

The doc mentions "The use of an ephemeral key ensures that even if a server’s private key is compromised, you cannot decrypt past sessions with the compromised key

My doubt is how does the ephemeral key know that the server's private key is compromised?

It is a protocol feature. Here is a link to get you started.

Forward secrecy (sometimes also called perfect forward secrecy) is a protocol feature that enables secure conversations that are not dependent on the server’s private key. With cipher suites that do not provide forward secrecy, someone who can recover a server’s private key can decrypt all earlier recorded encrypted conversations. You need to support and prefer ECDHE suites in order to enable forward secrecy with modern web browsers. To support a wider range of clients, you should also use DHE suites as fallback after ECDHE. Avoid the RSA key exchange unless absolutely necessary. My proposed default configuration in Section 2.3 contains only suites that provide forward secrecy.

1 Like