← All guides
TLS Cipher Strength: Forward Secrecy, AEAD and Weak Ciphers
A valid certificate is only half of TLS security; the negotiated cipher matters too. A modern configuration provides forward secrecy and uses an AEAD cipher, while old ciphers like RC4 and 3DES should be disabled.
Forward secrecy
Forward secrecy (via ECDHE or DHE key exchange, and always in TLS 1.3) means a future compromise of your private key cannot decrypt traffic captured today. Static-RSA key exchange lacks this and should be avoided.
AEAD vs CBC
AEAD ciphers (AES-GCM, ChaCha20-Poly1305) combine encryption and integrity and resist the padding-oracle attacks that affect older CBC-mode ciphers. Prefer AEAD and disable RC4, 3DES, EXPORT and NULL ciphers entirely.