In my understanding the problem with Heartbleed was the access to memory of previous requests? Isn't it possible to wipe the memory after using it? To use different memory spaces for each request, that are not accessible? If the web server (e.g. apache or nginx) is started with multiple processes, are they still sharing memory containing user information?
My question in short: Is it possible to configure Apache/Nginx/others to use a more secure model of memory access?
Performance reduction wouldn't matter since Heartbleed 2.0 will eventually come and then you just have a quick laugh instead of lots of work.
In Apache you can use the following two commands: