id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
389	Enable HTTPS perfect forward secrecy	andersk		"This is complicated by the requirement to keep SSLSessionTicketKeyFile out of persistent storage, rotate it frequently, and synchronize it across servers.  It would also be nice to remember the last N old keys so that each rotation doesn’t force every user to establish a new SSL session.  We’ll probably need to do some Apache development.

https://www.imperialviolet.org/2013/06/27/botchingpfs.html
https://blog.twitter.com/2013/forward-secrecy-at-twitter-0"	enhancement	closed	minor		web	fixed