
 

This diagram illustrates the SSL or TLS handshake as described in the text preceding the diagram.

The combination of Diffie-Hellman and the use of ephemeral session keys is what enables “Forward Secrecy”: even if an attacker gains access to the server’s private key, they cannot passively listen in on the active session, nor can they decrypt previously recorded sessions.

Diffie-Hellman Key Exchange

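A and B create the shared key together.

Prime numbers g and p are chosen and made known to both sides.

A: pick a, compute g^a mod p, and send the result to B.

B: pick b, compute g^b mod p, and send the result to A.

To get the shared key, A computes B^a mod p and B computes A^b mod p, where B and A here stand for the values received from the other side. Both arrive at the same number: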

(g^a mod p)^b mod p = g^(ab) mod p
(g^b mod p)^a mod p = g^(ba) mod p
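The exchange above, written out as an added example (not code from the original page). The parameters `P` and `G`, the function names, the range check on the received value and the use of SHA-256 as a stand-in key derivation step are assumptions made for illustration.

```python
import hashlib
import secrets

# Assumed demo parameters (not from the page): 2**127 - 1 is a known Mersenne
# prime, but it is far too small for real use, where standardized groups of
# 2048 bits or more are used.
P = 2**127 - 1
G = 3

def keypair(p=P, g=G):
    """Pick a fresh secret exponent x and return (x, g^x mod p)."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p - 2
    return x, pow(g, x, p)

def shared_secret(own_secret, peer_value, p=P):
    """Compute peer_value^own_secret mod p after checking the peer value."""
    # 0, 1 and p-1 would force the result into a tiny set, so refuse them.
    if not 2 <= peer_value <= p - 2:
        raise ValueError("peer value out of range")
    return pow(peer_value, own_secret, p)

def session_key(secret, p=P):
    """Hash the shared number into a 32-byte key (SHA-256 as a stand-in KDF)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()

def run_session(p=P, g=G):
    """One handshake: both sides use ephemeral secrets, discarded afterwards."""
    a, A = keypair(p, g)                              # side A
    b, B = keypair(p, g)                              # side B
    key_a = session_key(shared_secret(a, B, p), p)    # (g^b)^a mod p
    key_b = session_key(shared_secret(b, A, p), p)    # (g^a)^b mod p
    # Only p, g, A and B cross the wire; a and b go out of scope here.
    return {"wire": (p, g, A, B), "key_a": key_a, "key_b": key_b}

if __name__ == "__main__":
    s1, s2 = run_session(), run_session()
    print("session 1 keys match:", s1["key_a"] == s1["key_b"])
    print("session 2 keys match:", s2["key_a"] == s2["key_b"])
    print("keys differ between sessions:", s1["key_a"] != s2["key_a"])
```

Because `a` and `b` are generated per session and never stored, a recording of the wire values from one session gives nothing that a later key compromise could unlock.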

 
