Forward secrecy
Instead of relying on what is called a long-term secret key (typically the TLS certificate private key), a unique session key is generated for every session, ensuring that the compromise of a
- single session key: does not affect any data other than that exchanged during that specific session
- long-term secret: does not affect data exchanged in the past
For example, AWS offers different security policies, and some of them support Forward Secrecy:
For Forward Secrecy, you can use one of the ELBSecurityPolicy-FS policies or an ELBSecurityPolicy-TLS13 policy.
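
To check which ciphers in a policy actually provide forward secrecy, the following added example (not from AWS or the original page) audits output in the shape returned by `aws elbv2 describe-ssl-policies`. The policy names in the sample are constructed placeholders, and the classifier assumes the OpenSSL-style cipher names that AWS reports.

```python
import json

# Constructed sample in the shape returned by `aws elbv2 describe-ssl-policies`.
# The policy names are placeholders, not real AWS policy names.
SAMPLE = json.loads("""
{"SslPolicies": [
  {"Name": "example-mixed-policy",
   "SslProtocols": ["TLSv1.2"],
   "Ciphers": [{"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Priority": 1},
               {"Name": "AES128-GCM-SHA256", "Priority": 2}]},
  {"Name": "example-fs-only-policy",
   "SslProtocols": ["TLSv1.2", "TLSv1.3"],
   "Ciphers": [{"Name": "TLS_AES_128_GCM_SHA256", "Priority": 1},
               {"Name": "ECDHE-ECDSA-AES256-GCM-SHA384", "Priority": 2}]}
]}
""")


def is_forward_secret(cipher_name: str) -> bool:
    """True when the key exchange is ephemeral (EC)DHE.

    Assumes OpenSSL-style names. TLS 1.3 suites (TLS_ prefix) use an ephemeral
    (EC)DHE exchange for full handshakes; for TLS 1.2 and earlier the name must
    start with ECDHE- or DHE-. Anything else (e.g. AES128-GCM-SHA256) uses
    static RSA key exchange, where the certificate private key can decrypt the
    session secret of recorded traffic.
    """
    return cipher_name.startswith(("TLS_", "ECDHE-", "DHE-"))


def audit(policies: dict) -> dict:
    """Map each policy name to the ciphers in it that lack forward secrecy."""
    report = {}
    for policy in policies["SslPolicies"]:
        weak = [c["Name"] for c in policy["Ciphers"]
                if not is_forward_secret(c["Name"])]
        report[policy["Name"]] = weak
    return report


if __name__ == "__main__":
    for name, weak in audit(SAMPLE).items():
        status = "forward secrecy only" if not weak else f"non-FS ciphers: {weak}"
        print(f"{name}: {status}")
```

A policy with an empty list only negotiates ciphers whose session keys cannot be recovered from the certificate private key.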