A security engineer needs to configure a web server to support Perfect Forward Secrecy (PFS) for HTTPS connections. Which of the following key exchange methods should be prioritized?
ECDHE generates ephemeral keys for each session, ensuring that compromise of long-term keys does not compromise past sessions.
Why this answer
ECDHE is prioritized for Perfect Forward Secrecy because the server generates a fresh elliptic-curve Diffie-Hellman share for every TLS handshake and uses its long-term private key only to sign that share, never to derive the session key. If the long-term key is later stolen, an attacker who recorded earlier traffic still holds only public shares and cannot recompute past session keys. Static Diffie-Hellman and RSA key transport both tie the session key to a long-lived secret, so one leak exposes every recorded session. Compared with finite-field DHE, ECDHE gives equivalent security at far smaller key sizes and lower handshake cost (a 256-bit curve roughly matches 3072-bit DH), which is why it is the recommended default for HTTPS; TLS 1.3 went further and removed static RSA and static DH key exchange entirely, so every full TLS 1.3 handshake is (EC)DHE. One practitioner caveat: the shares must actually be ephemeral. Older OpenSSL releases reused the server's (EC)DH share across connections unless SSL_OP_SINGLE_DH_USE / SSL_OP_SINGLE_ECDH_USE was set; since OpenSSL 1.1.0 a fresh share is always generated.
Exam trap
EC-Council often tests the misconception that any Diffie-Hellman variant automatically provides PFS, but candidates must remember that only ephemeral modes (DHE or ECDHE) guarantee forward secrecy, while static DH does not.
How to eliminate wrong answers
Option A is wrong because standard Diffie-Hellman (DH) key exchange can be used in ephemeral mode (DHE) to provide PFS, but the question asks for the method to be 'prioritized'; ECDHE is preferred over DH due to its smaller key sizes, faster computation, and equivalent security strength, so DH is not the top priority. Option C is wrong because Pre-Shared Key (PSK) is a symmetric key method that does not provide forward secrecy—if the PSK is compromised, all past sessions using that key are exposed. Option D is wrong because RSA key exchange is static; the client encrypts the pre-master secret with the server's RSA public key, so if the server's private key is later compromised, all recorded sessions can be decrypted, violating PFS.