Google already offers HTTPS as default for Gmail and encrypted search. Google has now moved on and is now enabling “forward secrecy” by default. Forward secrecy (or PFS) ensures that a session key cannot be compromised if a long term private key is compromised in the future. What this means is, forward secrecy doesn’t allow persistent stored private keys to be used for connections and helps stop hackers (using ECDHE encryption) from snooping on your HTTPS network connection.
If a private single key is broken a hacker will be unable to decrypt your connection history – in fact it makes it almost impossible to decrypt HTTPS sessions. Google is planning ahead because in the future computer systems will be much faster and could break a servers private key and decrypt email traffic. As for supporting TLS 1.1/1.2 Google says not right now but plans too in the future.
Google has made live forward secrecy with Gmail, Google+ and many more Google HTTPS services. If you want to check whether you have forward secret connections, you can do this in Google Chrome by clicking on the green padlock in the address bar where it says HTTPS (see image opposite). If you see the ECDHE_RSA (provides the forward secrecy) key exchange forward secret connections is enabled.
If you use Mozilla Firefox you can also use forward secret by default. You can check whether your version of Firefox supports ECDHE by typing “About:config” in the browser and search for “ECDHE”. Only Chrome and Firefox will initially use PFS by default with Google services, because Internet Explorer (IE) doesn’t support the combination of ECDHE and the RC4 encryption algorithm.
Safe surfing folks!