Enable Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is unavailable with the server configuration. If the TLS encryption is broken once, recordings of previous connections are not secure and may be decrypted.

Security Assessment

Security_Assessment_EnablePerfectForwardSecrecy-1

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

Perfect Forward Secrecy (PFS) is unavailable with the server configuration. If the TLS encryption is broken once, recordings of previous connections are not secure and may be decrypted.

Guides

To enable PFS, configure your webserver to only use recent cipher suites that include PFS. See the following wiki article for details: Secure TLS Configuration

For more information about Crashtest Security visit crashtest-security.com