# Overview

## Diffie-Hellman or RSA

The situation can be confused, so let's set things right. Diffie-Hellman key exchange is a one-roundtrip key-exchange algorithm:
- Bob sends his half ("DH public key")
- Alice computes her half, obtains the key, encrypts, and sends the whole lot (her half plus the ciphertext) to Bob
- Bob computes the key and decrypts.
Diffie-Hellman has an advantage over RSA when it comes to generating ephemeral keys. Generating a new Diffie-Hellman ephemeral key pair is extremely fast (provided that some "DH parameters", i.e. the Diffie-Hellman group in which DH is computed, are reused, which does not entail extra risks as far as we know), whereas generating a new RSA key pair is comparatively slow. This is not a really big issue for big servers, because a very busy TLS server could generate a new "ephemeral" RSA key pair every ten seconds for a very small fraction of its computing power, keep it in RAM only, and for only ten seconds, which would be enough for Perfect Forward Secrecy.
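The one-roundtrip exchange and the "reuse the group, refresh the exponent" point above, as an added example that is not part of the original page: the group parameters are fixed, only the per-session exponents are ephemeral, and the toy group, the key-derivation label and the HMAC-based keystream cipher are constructed placeholders, not anything TLS actually uses.

```python
import hashlib
import hmac
import secrets

# Constructed group parameters, fixed and reused across sessions (only the
# exponents are ephemeral). 2^127 - 1 is prime, but this group is far too small
# for real use; TLS deployments use standardized groups such as RFC 7919's.
P = (1 << 127) - 1
G = 2


def dh_keypair():
    """Fresh ephemeral exponent and matching public value: one modexp, no prime search."""
    x = secrets.randbelow(P - 2) + 1          # private exponent in [1, P-2]
    return x, pow(G, x, P)                    # (private, public) pair


def derive_key(shared_secret, label=b"toy-dh-session"):
    """Hash the raw DH output into a fixed-size symmetric key (label is a placeholder)."""
    return hashlib.sha256(label + shared_secret.to_bytes(16, "big")).digest()


def stream_xor(key, data):
    """Illustrative keystream cipher (HMAC-SHA256 in counter mode); same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def one_roundtrip(plaintext):
    """Run the three steps; return (keys_match, what_bob_decrypted, session_key)."""
    # Step 1: Bob sends his half.
    bob_priv, bob_pub = dh_keypair()
    # Step 2: Alice computes her half, derives the key, encrypts, and sends
    #         her public value together with the ciphertext in one message.
    alice_priv, alice_pub = dh_keypair()
    alice_key = derive_key(pow(bob_pub, alice_priv, P))
    message_to_bob = (alice_pub, stream_xor(alice_key, plaintext))
    # Step 3: Bob computes the same key from Alice's half and decrypts.
    recv_pub, ciphertext = message_to_bob
    bob_key = derive_key(pow(recv_pub, bob_priv, P))
    return bob_key == alice_key, stream_xor(bob_key, ciphertext), bob_key


if __name__ == "__main__":
    ok, recovered, key1 = one_roundtrip(b"constructed sample payload")
    _, _, key2 = one_roundtrip(b"constructed sample payload")
    print(ok, recovered, key1 != key2)   # fresh exponents => fresh session key
```

Running two sessions against the same group shows the forward-secrecy property in miniature: the group never changes, yet every session ends up with a different key.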
Regardless, ephemeral RSA key exchange has fallen out of fashion and, more importantly, out of standardization. In the context of TLS, if you want Perfect Forward Secrecy, you need to use ephemeral Diffie-Hellman, because that's what is defined and supported by existing TLS implementations.

RSA key exchange and Diffie-Hellman key exchange serve the same function: both end with the two parties sharing a secret. The functions are computed differently even though the outcome is the same.
Since these algorithms work differently internally, you could prefer one over the other depending on the usage context.