Analysis of SSL Certificate
Reissues and Revocations
in the Wake of Heartbleed
By Liang Zhang, David Choffnes, Tudor Dumitraş, Dave Levin, Alan Mislove, Aaron Schulman, and Christo Wilson
A properly managed public key infrastructure (PKI) is
critical to ensure secure communication on the Internet.
Surprisingly, some of the most important administrative
steps—in particular, reissuing new X.509 certificates and
revoking old ones—are manual and remained unstudied,
largely because it is difficult to measure these manual processes at scale.
We use Heartbleed, a widespread OpenSSL vulnerability
from 2014, as a natural experiment to determine whether
administrators are properly managing their certificates. All
domains affected by Heartbleed should have patched their
software, revoked their old (possibly compromised) certificates, and reissued new ones, all as quickly as possible. We
find the reality to be far from the ideal: over 73% of vulnerable
certificates were not reissued and over 87% were not revoked
three weeks after Heartbleed was disclosed. Our results
also show a drastic decline in revocations on the weekends,
even immediately following the Heartbleed announcement.
These results are an important step in understanding the
manual processes on which users rely for secure, authenticated communication.
Server authentication is the cornerstone of secure communication on the Internet; it is the property that allows
client applications such as online banking, email, and
e-commerce to ensure the servers with whom they communicate are truly who they say they are. In practice,
server authentication is made possible by the globally
distributed Public Key Infrastructure (PKI). The PKI leverages cryptographic mechanisms and X.509 certificates to
establish the identities of popular websites. This mechanism works in conjunction with other network protocols—
particularly Secure Sockets Layer (SSL) and Transport Layer
Security (TLS)—to provide secure communications, but the
PKI plays a key role: without it, a browser could establish
a secure connection with an attacker that impersonates a
The secure operation of the web’s PKI relies on responsible administration. When a software vulnerability is discovered, administrators must act quickly and deploy the
patch to prevent attackers from exploiting the vulnerability.
Similarly, after a potential key compromise, website administrators
must revoke the corresponding certificates to prevent
attackers from intercepting encrypted communications
between browsers and servers. A recent study suggests
0.2% of SSL connections to Facebook correspond to such
man-in-the-middle attacks.[10] After considerable research
into understanding and improving the speed at which
software is patched,[14, 22] much of software patching has
become automated. However, the web’s PKI requires a surprising
amount of manual administration. To revoke a certificate,
website administrators must send a request to their
Certificate Authority (CA), and this request may be manually
reviewed before the certificates are finally added to a list that
browsers (are supposed to) check. Such operations occur at
human timescales (hours or days) instead of computer ones
(seconds or minutes). An important open question is: when
private keys are compromised, how long are SSL clients
exposed to potential attacks?
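As an added illustration (not code from the paper), the following audit over a constructed certificate inventory computes the quantities this introduction is concerned with: the share of at-risk certificates not reissued or not revoked three weeks after disclosure, weekend revocations, and the exposure window per certificate. The record layout, the `audit` function, the sample domains and the exposure model are assumptions; the disclosure date of 7 April 2014 comes from the public record, not from this page.

```python
from datetime import datetime, timedelta

DISCLOSURE = datetime(2014, 4, 7)          # Heartbleed public disclosure (a Monday)
CUTOFF = DISCLOSURE + timedelta(weeks=3)   # the "three weeks after" horizon

# Constructed inventory: (domain, not_before, not_after, revoked_at or None)
CERTS = [
    ("a.example", datetime(2013, 9, 1), datetime(2014, 9, 1), datetime(2014, 4, 9)),
    ("a.example", datetime(2014, 4, 9), datetime(2015, 4, 9), None),    # reissue
    ("b.example", datetime(2013, 6, 1), datetime(2015, 6, 1), None),    # no action
    ("c.example", datetime(2014, 1, 15), datetime(2015, 1, 15),
     datetime(2014, 4, 12)),                                            # Saturday
    ("d.example", datetime(2013, 11, 1), datetime(2014, 5, 1), None),   # never revoked
    ("d.example", datetime(2014, 4, 20), datetime(2015, 4, 20), None),  # reissue
]

def audit(certs, disclosure=DISCLOSURE, as_of=CUTOFF):
    """Summarize the reissue/revocation response for certs valid at disclosure."""
    at_risk = [c for c in certs if c[1] < disclosure <= c[2]]
    rows = []
    for domain, _, not_after, revoked_at in at_risk:
        # Reissued: the same domain has a cert issued between disclosure and as_of.
        reissued = any(d == domain and disclosure <= nb <= as_of
                       for d, nb, _, _ in certs)
        revoked = revoked_at is not None and revoked_at <= as_of
        # Assumed exposure model: the old key stays usable until revocation,
        # or until expiry when the certificate is never revoked.
        end = revoked_at if revoked_at is not None else not_after
        rows.append({
            "domain": domain,
            "reissued": reissued,
            "revoked": revoked,
            "weekend": revoked and revoked_at.weekday() >= 5,
            "exposure_days": (end - disclosure).days,
        })
    n = max(len(rows), 1)  # avoid dividing by zero on an empty inventory
    return {
        "not_reissued": sum(not r["reissued"] for r in rows) / n,
        "not_revoked": sum(not r["revoked"] for r in rows) / n,
        "weekend_revocations": sum(r["weekend"] for r in rows),
        "exposure_days": {r["domain"]: r["exposure_days"] for r in rows},
    }

if __name__ == "__main__":
    print(audit(CERTS))
```

In the sample data, `d.example` reissued but never revoked, so its old certificate stays exposed until it expires even though a replacement is already deployed.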
Historically, these manual processes have been difficult
to measure: how can one measure, at scale, how long these
processes take if we do not know how often, or precisely
when, administrators realize their keys are compromised?
In this paper, we use a widespread security vulnerability
from 2014, Heartbleed, as a natural experiment: the moment
Heartbleed was announced, all administrators of vulnerable servers should have initiated their manual processes
as quickly as possible.[3] This natural experiment allows us
to measure at scale the manual administration of the web’s
PKI. In particular, this paper focuses on the response to
the public announcement of Heartbleed, in terms of how
quickly certificates were reissued and whether or not the
certificates were eventually revoked.
Our results expose incomplete and slow administrative
practices that ultimately weaken the security of today’s PKI.
On the positive side, we also identify ways in which the PKI
can be strengthened. Our hope is that, through better understanding how the PKI operates in practice, the security and
research community can take concrete steps toward improving this system on which virtually all Internet users rely.
In this section, we review the relevant background of SSL/
TLS and the PKI, and we describe the Heartbleed vulnerability that serves as our natural experiment.
The original version of this paper was published in
the 2014 ACM Internet Measurement Conference (IMC ’14).