> This is incomplete. TLS does allow for ciphers that enable
> Perfect Forward Secrecy (PFS) to prevent this.
Sure, it was simplified. I can't remember exactly what the support was like for PFS? And given it probably requires additional exchange for DH, I imagine it would be disabled due to resources reasons.
There is this study back from 2013 (claimed by OP early days of da internetz) which says that out of 1M top sites, 74.5% of those that support SSL/TLS also supported DH/DHE (supported the perfect forward secrecy).
It was a substantial rise comparing to 2006 survey that got 57.5%.
AFAIK the contemporary browser versions preferred DH/EDH as soon as they got them.
