
Implement perfect forward secrecy


Critical communications should travel through a secure channel that implements perfect forward secrecy.


All communications between the client and the server should take place over channels that are protected and encrypted. However, many secure channels derive every session's keys from a single long-term secret; the classic case is a TLS handshake that uses RSA key transport, where the client encrypts the session secret under the server's certificate key. An attacker who records the encrypted traffic and later obtains that private key can decrypt every past session. Perfect forward secrecy is attained when each session negotiates its keys through an ephemeral key exchange (DHE or ECDHE) whose private values are discarded once the handshake completes, so the long-term key only authenticates the handshake and never protects the session keys. Thus, compromise of the long-term key, or of one session's keys, exposes at most that single session rather than the entire history of the conversation, which represents an increase in the overall security of the system.


  • CAPEC-117: Interception: An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g., radio).

  • CWE-326: Inadequate Encryption Strength: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

  • NIST SP 800-52 Cipher Suites for TLS 1.2 and Earlier Versions: Prefer ephemeral keys over static keys (i.e., prefer DHE over DH, and prefer ECDHE over ECDH). Ephemeral keys provide perfect forward secrecy.

  • OWASP Top 10 A3:2017-Sensitive Data Exposure: Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.

  • OWASP-ASVS v4.0.1 V9.1 Communications Security Requirements.(9.1.1): Verify that secured TLS is used for all client connectivity, and does not fall back to insecure or unencrypted protocols.

  • OWASP-ASVS v4.0.1 V9.1 Communications Security Requirements.(9.1.2): Verify using online or up to date TLS testing tools that only strong algorithms, ciphers and protocols are enabled, with the strongest algorithms and ciphers set as preferred.

  • PCI DSS v3.2.1 - Requirement 3.6.4: Fully document and implement all key-management processes and procedures for cryptographic keys including cryptographic key changes for keys that have reached the end of their cryptoperiod.
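The following Python check is added here as an illustration of the requirement described above and of the NIST SP 800-52 bullet (ephemeral ECDHE/DHE only); it is not code from the original page. It builds a server-side TLS context from an OpenSSL cipher string, then audits the negotiable suites by their key-exchange field as reported by the standard-library `ssl` module, flagging any suite whose session keys would be recoverable from the server's long-term key. The cipher strings, the constructed sample cipher list and the function names are this example's own assumptions.

```python
import ssl

# Key-exchange values that SSLContext.get_ciphers() reports (OpenSSL "Kx=" as a
# long name) and which give forward secrecy: ephemeral (EC)DH, with or without a
# PSK. TLS 1.3 suites report "kx-any" because TLS 1.3 removed static RSA and
# static DH key exchange, so every TLS 1.3 suite negotiates ephemeral keys.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}

# Hardened OpenSSL cipher string for TLS 1.2 (assumed for this example): ephemeral
# key exchange with AEAD ciphers only; PSK suites are excluded because a
# certificate-authenticated server has no PSK configured. TLS 1.3 suites are
# configured separately by OpenSSL and are all forward secret.
PFS_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!PSK"

# Weak setting for comparison: suite names without an ECDHE/DHE prefix use RSA key
# transport, i.e. the session secret is encrypted under the server's long-term key.
RSA_TRANSPORT_CIPHER_STRING = "ECDHE+AESGCM:AES128-GCM-SHA256:AES256-GCM-SHA384"


def classify(ciphers):
    """Split cipher dicts (shape of SSLContext.get_ciphers()) into
    (forward_secret_names, non_forward_secret_names), preserving order."""
    pfs, non_pfs = [], []
    for cipher in ciphers:
        if cipher["kea"] in FORWARD_SECRET_KEA:
            pfs.append(cipher["name"])
        else:
            non_pfs.append(cipher["name"])
    return pfs, non_pfs


def build_context(cipher_string, certfile=None, keyfile=None):
    """Server context limited to TLS 1.2+ and the given cipher string. The
    certificate is optional so the context can be audited without one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit(ctx):
    """Return (forward_secret_names, non_forward_secret_names) for a context;
    a hardened context must yield an empty second list."""
    return classify(ctx.get_ciphers())


# Constructed sample in the shape get_ciphers() returns (only the fields the
# classifier reads), so the logic can be exercised independently of the cipher
# set compiled into the local OpenSSL build.
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3", "kea": "kx-any"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "kea": "kx-dhe"},
    {"name": "AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-rsa"},
]

if __name__ == "__main__":
    print("sample:", classify(SAMPLE_CIPHERS))
    for label, spec in (("hardened", PFS_CIPHER_STRING), ("weak", RSA_TRANSPORT_CIPHER_STRING)):
        pfs, non_pfs = audit(build_context(spec))
        print(f"{label}: {len(pfs)} forward-secret suites; not forward secret: {non_pfs}")
```

The same OpenSSL cipher-string syntax is what web servers such as nginx or Apache accept for their TLS 1.2 cipher settings, so the hardened string can be carried over directly; enabling TLS 1.3 adds only forward-secret suites. Two caveats remain outside the cipher list: DHE needs parameters of at least 2048 bits to be worth preferring, and session-ticket keys used for resumption are themselves long-lived secrets that protect session keys, so they must be rotated or forward secrecy is lost for every resumed session encrypted under a leaked ticket key.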