Perfect Forward Secrecy: Default ciphers and Chrome
I assumed that with the right OpenSSL and with default ciphers, that a connection from Chrome would negotiate using ECDHE.
The default ciphers are: ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL
But I think that with those Chrome settles for AES128-GCM-SHA256, see: https://www.ssllabs.com/ssltest/viewClient.html?name=Chrome&version=39&platform=OS%20X.
Adding ECDHE-RSA-AES128-GCM-SHA256 to the default ciphers list would fix this.
I don't know if this is an issue or not, but I think it would be great if io.js servers supported perfect forward secrecy on most major browsers out of the box.