Configuration Medium If a forward secret cipher is not used, the security of the session data is as secure as the server's long-term private key. Server administrators should configure the server to prioritize forward secret cipher suites such as those using ECDHE (elliptic-curve DH ephemeral) and DHE (DH ephemeral). Mozilla has made guielines available for securely configuring TLS servers. See the references section for a link. The HTTPS server must likely be restarted for any configuration changes to take effect. Vega detected that the server does not prioritize forward secret ciphers in the list of supported cipher suites. Forward secret ciphers use algorithms such as Diffie-Hellman ephemeral to generate a single-use session key. This key is not derived from the long-term private key, therefore the security of the data is not subject to decryption if that key is compromised in the future. Security/Server Side TLS (Mozilla) HTTPS (Wikipedia)