Perfect Forward Secrecy (PFS) assures that compromise of an SSL session does not mean compromise of other SSL sessions that use the same server certificate. It is a property of cipher suites with DHE in their names. Of the five cipher suites we enable by default, three have this property. The downside of PFS is performance, so a balance needs to be struck.

View supports DHE-DSS, DHE-RSA, and ECDHE-RSA cipher suites. The first two can be enabled in conjunction with standard DSS or RSA certificates. ECDHE-RSA has better performance but requires an ECC certificate that is signed with an RSA key. Do not request from a CA an ECC certificate that is signed with an EC key because View cannot use this.