Forward Secrecy
Also called PFS (Perfect Forward Secrecy): a TLS property under which compromise of the server's long-term private key does not allow previously recorded sessions to be decrypted.
Forward secrecy (often called Perfect Forward Secrecy, PFS) means that even if an attacker records all your encrypted TLS traffic today and steals your server's private key tomorrow, they still cannot decrypt the captured sessions. It is achieved by using an ephemeral Diffie-Hellman key exchange (ECDHE, or finite-field DHE) to derive a per-session key that is discarded after the connection ends; the long-term key only authenticates the handshake. TLS 1.3 mandates forward secrecy in every cipher suite. TLS 1.2 provides it only for ECDHE/DHE suites, which is why disabling static-RSA key exchange has been the recommendation for a decade.
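To check a configuration against the rule above, the following added example (not part of the original entry) classifies cipher suite names in both IANA and OpenSSL notation and lists those without an ephemeral key exchange. The function names and the sample list are constructed for illustration.

```python
import ssl

EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}  # EDH is OpenSSL's legacy alias for DHE
TLS13_PREFIXES = ("TLS_AES_", "TLS_CHACHA20_")


def is_forward_secret(suite: str) -> bool:
    """True if the suite name implies an ephemeral (EC)DHE key exchange."""
    name = suite.strip().upper()
    if name.startswith(TLS13_PREFIXES):
        return True  # TLS 1.3 suite: per the text, always forward secret
    if name.startswith("TLS_") and "_WITH_" in name:
        # IANA TLS 1.2 form: TLS_<kx>[_<auth>]_WITH_<cipher>_<mac>
        kx = name[len("TLS_"):].split("_WITH_")[0].split("_")[0]
    else:
        # OpenSSL form: <kx>-<auth>-<cipher>-<mac>; static RSA has no kx prefix
        kx = name.split("-")[0]
    # Static RSA, static DH/ECDH (ECDH is not ECDHE) and plain PSK are flagged
    return kx in EPHEMERAL_KX


def without_forward_secrecy(suites):
    """Return the suites from an iterable that lack forward secrecy."""
    return [s for s in suites if not is_forward_secret(s)]


def enabled_suites(cipher_string=None):
    """Suite names the local OpenSSL build enables for a client context."""
    ctx = ssl.create_default_context()
    if cipher_string:
        ctx.set_ciphers(cipher_string)  # OpenSSL cipher-list syntax
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample: a mixed list as it might appear in a config review
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",                       # TLS 1.3
    "ECDHE-ECDSA-AES256-GCM-SHA384",                # ephemeral ECDH
    "DHE-RSA-AES128-GCM-SHA256",                    # ephemeral finite-field DH
    "AES256-GCM-SHA384",                            # static RSA (OpenSSL name)
    "ECDH-RSA-AES128-SHA",                          # static ECDH
    "TLS_RSA_WITH_AES_128_CBC_SHA",                 # static RSA (IANA name)
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # ephemeral ECDH
]

if __name__ == "__main__":
    print("sample, no FS:", without_forward_secrecy(SAMPLE))
    print("local defaults, no FS:", without_forward_secrecy(enabled_suites()))
```

Run as a script, it also reports what the local Python/OpenSSL build enables by default; that result varies with the OpenSSL version and system policy.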