- Lefty, 01 Dec 2013
I was reading an article on TechDirt today about Forward Secrecy in SSL/TLS connections and how Twitter had recently introduced it. In a nutshell, forward secrecy is a way of SSL handshaking that prevents someone nefarious who’s recording your SSL traffic from decrypting all of your previous SSL communication if your private key is compromised.
Out of curiosity, I ran the linked SSL tester from Qualys that checks your server for compliance with forward secrecy (in addition to a bunch of other useful stuff), and found out my systems were using old, stinky DES-based 56-bit ciphers. Since I’m running lighttpd, I followed Remy’s guide to securing my install.
Passing all the tests now with >80%! Hooray! I feel a tiny bit more secure now.