An Experimental Study of TLS Forward Secrecy Deployments

Lin-Shung Huang, Shrikant Adhikarla, Dan Boneh, Collin Jackson
2014 IEEE Internet Computing  
Forward secrecy guarantees that eavesdroppers simply cannot reveal secret data of past communications. While many TLS servers have deployed the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy, most sites use weak DH parameters resulting in a false sense of security. In our study, we surveyed a total of 473,802 TLS servers and found that 82.9% of the DHE-enabled servers were using weak DH parameters. Furthermore, given current parameter and algorithm choices, we show that the traditional performance argument against forward secrecy is no longer true. We compared the server throughput of various TLS setups, and measured real-world client-side latencies using an ad network. Our results indicate that forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy. We suggest that sites should migrate to ECC-based forward secrecy for both security and performance reasons.
doi:10.1109/mic.2014.86 fatcat:umtqhugf6zc7bfnzuo6as6a4ii