How is ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) used in practice?

See real-world examples and code snippets on the ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) glossary page at CDN Certified.

What concepts are related to ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)?

Related terms include: TLS (Transport Layer Security), ECDSA (Elliptic Curve Digital Signature Algorithm).

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) (ECDHE)

Security

A key exchange algorithm used in TLS that provides forward secrecy using elliptic curve cryptography. Each connection generates unique keys, so compromising the server's private key cannot decrypt past traffic.

Updated Mar 17, 2026

Full Explanation

ECDHE is the key exchange algorithm used in virtually every modern TLS connection. It lets the client and server agree on a shared secret over an insecure channel without ever transmitting the secret itself. The "ephemeral" part is what matters most: new keys are generated for every connection and discarded after use.

Here's why ephemeral keys matter. With older key exchange methods (static RSA), the server's long-lived private key was used directly to decrypt the session. If that key was ever compromised (stolen, leaked, or obtained via court order), an attacker could decrypt all previously recorded traffic. With ECDHE, each session uses a fresh key pair. Even if someone steals the server's private key, they can't decrypt past sessions. This property is called forward secrecy (or perfect forward secrecy).

The math uses elliptic curves, which provide the same security strength as traditional Diffie-Hellman but with much smaller key sizes. A 256-bit elliptic curve key provides roughly the same security as a 3072-bit RSA key. Smaller keys mean less computation and less data transmitted during the handshake, which directly impacts TLS connection time on CDN edges handling millions of handshakes per second.

In TLS 1.3, ECDHE is the only key exchange method. TLS 1.3 removed static RSA key exchange entirely, making forward secrecy mandatory. TLS 1.2 supports both, but all modern configurations prefer ECDHE cipher suites. If you see a cipher suite name like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, the ECDHE part is the key exchange, RSA is for authentication (verifying the server's identity), and AES-GCM is the symmetric cipher used after key exchange.

CDN edges perform an enormous number of ECDHE operations. Cloudflare reports billions of TLS handshakes per day. The two most common curves are X25519 (fast, modern, designed by djb) and P-256 (NIST standard, widely supported). X25519 is faster and preferred by most CDNs. Some CDN providers use hardware acceleration or custom implementations to handle the load.

For CDN operators, the ECDHE overhead is real but manageable. On modern hardware with AES-NI and optimized elliptic curve implementations, an ECDHE key exchange adds about 1ms of server-side computation. TLS session resumption (via session tickets or PSK) avoids repeating the full key exchange on subsequent connections, reducing the overhead to near zero for returning visitors.

Examples

# Check which key exchange a site uses
openssl s_client -connect example.com:443 \
  -servername example.com 2>/dev/null | \
  grep -E 'Server Temp Key|Cipher'
# Server Temp Key: X25519, 253 bits
# Cipher: TLS_AES_256_GCM_SHA384 (TLS 1.3)

# List ECDHE cipher suites available
openssl ciphers -v 'ECDHE' | head -10
# ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=RSA  ...
# ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  ...

# Nginx: configure strong ECDHE cipher suites
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1;
ssl_prefer_server_ciphers on;

# Test forward secrecy with curl
curl -v https://example.com 2>&1 | grep 'SSL connection'
# SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

# Generate ECDHE key pair (for understanding)
openssl ecparam -genkey -name prime256v1 -out ec_key.pem
openssl ec -in ec_key.pem -text -noout | head -5

Frequently Asked Questions

# Check which key exchange a site uses
openssl s_client -connect example.com:443 \
  -servername example.com 2>/dev/null | \
  grep -E 'Server Temp Key|Cipher'
# Server Temp Key: X25519, 253 bits
# Cipher: TLS_AES_256_GCM_SHA384 (TLS 1.3)

# List ECDHE cipher suites available
openssl ciphers -v 'ECDHE' | head -10
# ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=RSA  ...
# ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  ...

# Nginx: configure strong ECDHE cipher suites
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1;
ssl_prefer_server_ciphers on;

# Test forward secrecy with curl
curl -v https://example.com 2>&1 | grep 'SSL connection'
# SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

# Generate ECDHE key pair (for understanding)
openssl ecparam -genkey -name prime256v1 -out ec_key.pem
openssl ec -in ec_key.pem -text -noout | head -5

Related CDN concepts include:

TLS (Transport Layer Security) (TLS) — The encryption protocol that secures HTTPS connections. TLS encrypts data in transit between client and …
ECDSA (Elliptic Curve Digital Signature Algorithm) (ECDSA) — A digital signature algorithm using elliptic curve cryptography for TLS certificate authentication. Produces smaller, faster …

Previous Term DVR Window

Next Term ECDSA (Elliptic Curve Digital Signature Algorithm)

Back to Glossary