1.2.2 Use Forward Secrecy
Forward secrecy (also known as perfect forward secrecy) is a feature of cryptographic protocols that ensures that every communication (connection) to the server uses a different and unique set of encryption keys. These keys are called ephemeral because they are discarded when they are no longer needed. Ephemeral connection keys do not depend on any long-term keys—for example, the server key. When there is no forward secrecy, an adversary who can record your network traffic and later obtain the server key can also decrypt all past communications.
SSL and TLS initially used only the RSA key exchange that doesn’t support forward secrecy. To fix that, the ephemeral Diffie-Hellman (DHE) and Elliptic Curve Diffie-Hellman (ECDHE) key exchanges were added over time, along with some protocol improvements in TLS 1.3. Don’t be confused by the fact that RSA can be used for key exchange and authentication; there is nothing wrong with the latter. For as long as you continue to use RSA private keys, the string RSA will remain in the suite name.
In TLS 1.2 and earlier protocol releases, the key exchange (and thus forward secrecy) is controlled via cipher suite configuration. Therefore, you want to ensure that all enabled suites embed the keywords DHE and ECDHE. From TLS 1.3, all suites incorporate forward secrecy and the RSA key exchange is no longer supported.
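The keyword rule above can be checked mechanically. The following is an added example, not part of the original guide: it applies the rule to suite names in both IANA and OpenSSL spelling and can expand an OpenSSL cipher string locally to audit it. The function names and the sample list are assumptions made for illustration.

```python
import ssl

# Key-exchange tokens that mean "ephemeral"; EDH is OpenSSL's legacy spelling of DHE.
FS_KEY_EXCHANGES = {"DHE", "ECDHE", "EDH"}

def has_forward_secrecy(suite: str) -> bool:
    """Apply the DHE/ECDHE keyword rule to one IANA- or OpenSSL-style suite name."""
    if suite.startswith("TLS_") and "_WITH_" not in suite:
        # TLS 1.3 naming (TLS_AES_128_GCM_SHA256) has no key-exchange token;
        # per the text above, every TLS 1.3 suite is forward secret.
        return True
    if suite.startswith(("TLS_", "SSL_")):
        # IANA naming: TLS_<key exchange>[_<auth>]_WITH_<cipher>_<hash>
        kx = suite[4:].split("_WITH_")[0].split("_")[0]
    else:
        # OpenSSL naming: RSA key exchange is implicit, so AES128-SHA
        # contains no "RSA" at all and must not be mistaken for a safe suite.
        kx = suite.split("-")[0]
    return kx in FS_KEY_EXCHANGES

def suites_without_fs(names):
    """Return the suites that fail the rule, preserving input order."""
    return [n for n in names if not has_forward_secrecy(n)]

def audit_cipher_string(cipher_string: str):
    """Expand an OpenSSL cipher string with the local library (no network)
    and list the suites it enables that lack forward secrecy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return suites_without_fs(c["name"] for c in ctx.get_ciphers())

# Constructed sample: suite names as they might appear in a scanner report.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",                   # TLS 1.3
    "ECDHE-RSA-AES128-GCM-SHA256",              # RSA here is authentication only
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "EDH-RSA-DES-CBC3-SHA",                     # legacy alias of DHE
    "AES128-GCM-SHA256",                        # RSA key exchange, OpenSSL name
    "TLS_RSA_WITH_AES_128_CBC_SHA",             # RSA key exchange, IANA name
    "ECDH-RSA-AES128-SHA",                      # static ECDH, not ephemeral
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    print("sample list:", suites_without_fs(SAMPLE))
    for cs in ("ECDHE+AESGCM", "HIGH:!aNULL"):
        print(cs, "->", audit_cipher_string(cs))
```

The check is conservative: any suite whose key-exchange token is not DHE or ECDHE, including static DH and ECDH, is reported.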