On Wed, Mar 04, 2015 at 05:56:03PM +0100, lst_ho...@kwsoft.de wrote:
> Thanks for explaining. As I understand the problem arises from apache (and
> maybe other webservers) generate one EXPORT key which is reused for
> performance reasons until the server process is restarted.

Same as with Postfix, both cache an RSA export key. HOWEVER, Postfix
processes are restarted frequently and on busy servers many processes
run in parallel. This is not the case with HTTP servers, where a single
server process runs indefinitely.

Note that SSL-termination load-balancers may be in scope if they enable
EXPORT cipher-suites and re-use ephemeral keys.

--
Viktor.