It does, assuming you don't have any way to extract the session keys from server... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		makomk on April 7, 2014 \| parent \| context \| favorite \| on: The Heartbleed Bug It does, assuming you don't have any way to extract the session keys from server RAM - which is kind of the problem here.

this_user on April 7, 2014 [–]

I was thinking of the scenario of old traffic being recorded by someone. Unless they also extracted the session key at that time, that traffic should be secure if PFC was enabled even if someone where to extract the server key now.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact