So we've been using RSA for a while now. I wonder, is it still secure? I'm wondering whether surveillance agencies can at this point read traffic encrypted with say, TLS_ECDH_RSA_WITH_AES_128_GCM?
Ultimately, what is the best way to implement https? RSA? DSA? ECDSA? ECDH? Is elliptic curve stronger/more secure than RSA? (take quantum computers into account) Does perfect forward secrecy make it impossible to decrypt collected traffic in case the private key gets compromised in the future? What implementation of https/ssl/tls makes it impossible to bulk collect data and decrypt it afterwards should the key be compromised?
Besides that, what else should be done to ensure data transmitted over https is secure?
Assuming you manage to safely generate RSA keys which are sufficiently large, i.e. >= 2048 bits, no TLS configuration flaw on your side, and the lack of security bugs in the TLS library used by your server or the one used by the client user agent, I do not believe TLS_ECDH_RSA_WITH_AES_128_GCM can, at this point, be decrypted by surveillance agencies.
Here's a couple of resources listing best practices for implementing https:
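On the forward-secrecy part of the question, as an added example that is not part of the original question or answer: in TLS 1.2-style suite names the first field after `TLS_` is the key exchange, and only the ephemeral variants (ECDHE, DHE) keep recorded sessions safe if the server's long-term private key leaks later. The function names and the sample list below are assumptions made for this illustration; only RSA, DH and ECDH family names are covered.

```python
# Added example (not from the original post): classify TLS 1.2-style cipher
# suite names by whether the key exchange is ephemeral (forward secret).
EPHEMERAL_KX = {"ECDHE", "DHE"}      # fresh (EC)DH key pair per handshake
STATIC_KX = {"ECDH", "DH", "RSA"}    # server's long-term key takes part in key exchange
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20_POLY1305")


def classify(suite):
    """Return key exchange, auth field, forward secrecy and AEAD use."""
    name = suite.strip().upper()
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS_<kx>_<auth>_WITH_<cipher> name: {suite!r}")
    left, cipher = name[len("TLS_"):].split("_WITH_", 1)
    parts = left.split("_")
    kx = parts[0]
    if kx not in EPHEMERAL_KX | STATIC_KX or len(parts) > 2 or "ANON" in parts:
        raise ValueError(f"key exchange not covered by this example: {left}")
    # Second name field is the signature algorithm; for static DH/ECDH it is the
    # algorithm that signed the certificate. TLS_RSA_WITH_* has a single field.
    auth = parts[1] if len(parts) == 2 else kx
    return {
        "key_exchange": kx,
        "auth": auth,
        "forward_secrecy": kx in EPHEMERAL_KX,
        "aead": any(marker in cipher for marker in AEAD_MARKERS),
    }


def lacking_forward_secrecy(suites):
    """Names from `suites` whose recorded sessions depend on the long-term key."""
    return [s for s in suites if not classify(s)["forward_secrecy"]]


# Constructed sample list; the first name is the one quoted in the question.
SAMPLE_SUITES = [
    "TLS_ECDH_RSA_WITH_AES_128_GCM",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for s in SAMPLE_SUITES:
        print(s, classify(s))
    print("no forward secrecy:", lacking_forward_secrecy(SAMPLE_SUITES))
```

TLS 1.3 suite names carry no key-exchange field, so `classify` rejects them with `ValueError` instead of guessing.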