Definition
Forward Secrecy
Forward secrecy is the property of a key exchange protocol that ensures session keys of past encrypted communications cannot be compromised even if the attacker obtains the private key of the server.
Implementation
Typically implemented with an ephemeral Diffie-Hellman key exchange. For every connection, both client and server randomly generate a fresh Diffie-Hellman private key. The ephemeral private key is different from the server’s static private key used for authentication (whose corresponding public key is stored in the certificate).