If using a non-FS key exchange (like RSA) then the value that the session key is derived from (the pre-master secret) is sent over the wire encrypted using the server's public key. If that session is recorded and in the future the server's private key is obtained, it can be used to decrypt the pre-master secret, derive the session key, and decrypt the entire session.

If on the other hand you use a FS key exchange (like ECDHE), and the session is recorded, and the server's private key is obtained, the session key cannot be recovered (that's a property of ECDHE or any forward-secure key exchange), and none of the traffic is decryptable.

▲

nothrabannosir 10 months ago | parent | next [-]

Thanks I think I understand better now!

▲

dingaling 10 months ago | parent | prev [-]

> the session key cannot be recovered

Of course it can, but only for that specific session.

	▲	KAMSPioneer 10 months ago \| parent [-]
		No, my GP is correct: if the server's RSA private key is compromised it does not allow decryption of any previously-recorded sessions. You would need to compromise the _ephemeral session key_ which is difficult because it is discarded by both parties when the session is closed. Compromising the RSA key backing the certificate allows _future_ impersonations of the server, which is a different attack altogether.