Our SSL servers support “perfect forward secrecy”

If your site uses an SSL certificate from us, our servers now provide an important feature called perfect forward secrecy.

SSL replies on secret “encryption keys” (long strings of numbers). If an attacker doesn’t have the key, they can’t read the encrypted data.

However, older versions of SSL had a weakness. If an attacker recorded all the encrypted communications, then obtained the key much later, they could go back and decrypt the original communications.

Perfect forward secrecy prevents this. Attackers can only decrypt the data if they already have a copy of the key at the time they’re recording what gets sent.

Every site using SSL on our servers now supports perfect forward secrecy automatically. You don’t need to do anything extra.