完美前向保密
【Perfect forward secrecy】
术语 前向保密 或“完美前向保密”描述了密钥协商(即密钥交换)方法的一种特性。也就是说,服务器和客户端的密钥用于协商新的临时密钥,这些临时密钥仅用于当前的通信会话。实际上,这意味着即使服务器的私钥被泄露,窃听者也只能在攻击者设法获取专门为该会话生成的密钥对时才能解密通信。
【The term forward secrecy or perfect forward secrecy describes a feature of key-agreement (i.e., key-exchange) methods. That is, the server and client keys are used to negotiate new temporary keys that are used specifically and only for the current communication session. Practically, this means that even if the server's private key is compromised, communication can only be decrypted by eavesdroppers if the attacker manages to obtain the key-pair specifically generated for the session.】
完美前向保密性通过在每次 TLS/SSL 握手时随机生成密钥对来实现(与对所有会话使用相同密钥相反)。实现这种技术的方法称为“临时密钥”。
【Perfect forward secrecy is achieved by randomly generating a key pair for key-agreement on every TLS/SSL handshake (in contrast to using the same key for all sessions). Methods implementing this technique are called "ephemeral".】
目前通常使用两种方法来实现完美前向保密(注意在传统缩写后加上的字符“E”):
【Currently two methods are commonly used to achieve perfect forward secrecy (note the character "E" appended to the traditional abbreviations):】
使用 ECDHE 的完美前向保密性默认启用。在创建 TLS 服务器时,可以使用 ecdhCurve 选项来自定义支持的 ECDH 曲线列表。更多信息请参见 tls.createServer()。
【Perfect forward secrecy using ECDHE is enabled by default. The ecdhCurve
option can be used when creating a TLS server to customize the list of supported
ECDH curves to use. See tls.createServer() for more info.】
DHE 默认情况下是禁用的,但可以通过将 dhparam 选项设置为 'auto' 来与 ECDHE 一起启用。也支持自定义 DHE 参数,但建议使用自动选择的知名参数。
【DHE is disabled by default but can be enabled alongside ECDHE by setting the
dhparam option to 'auto'. Custom DHE parameters are also supported but
discouraged in favor of automatically selected, well-known parameters.】
在 TLSv1.2 之前,完美前向保密是可选的。从 TLSv1.3 开始,(EC)DHE 总是被使用(仅 PSK 连接除外)。
【Perfect forward secrecy was optional up to TLSv1.2. As of TLSv1.3, (EC)DHE is always used (with the exception of PSK-only connections).】