Perfect Forward Secrecy: Not So Perfect, Not So Forward

Alan Braggins alan.braggins at
Wed Dec 12 17:03:01 GMT 2012

On 11/12/12 20:59, Peter Fairbrother wrote:
> It's been a while since I checked, but I think Google do offer a DHE
> suite - but the client must ask for one, they are not used as default.

The default is now DHE.
"We are now pushing forward by enabling forward secrecy by default."
"Firstly, the preferred cipher suite for most Google HTTPS servers is 
ECDHE-RSA-RC4-SHA. If you have a client that supports it, you'll be 
using that ciphersuite."

More information about the ukcrypto mailing list