• treadful@lemmy.zip
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 days ago

    I’m far from an expert on PKI, but isn’t the keypair used for the cert used for key exchange? Then in theory, if that key was compromised, it could allow an adversary to be able to capture and decrypt full sessions.

      • Blackmist
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 day ago

        Although this only was added in TLS1.2 I think. I had to switch it on manually for my server.

        I think it’s default for TLS1.3.

    • snowfalldreamland@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 day ago

      Im also not an expert but i believe since there Is still an ephemeral DH key exchange happening an attacker needs to actively MITM while having the certificate private key to decrypt the session. Passive capturing wont work