who is responsible, these weekend delays are problematic
for online security, since vulnerabilities (and the attackers
who exploit them) do not take weekends off.
Heartbleed-induced revocations. Similar to certificate
reissues, not all certificate revocations after April 7, 2014
are necessarily due to Heartbleed (e.g., the site could have
exposed their private key due to a different vulnerability).
We therefore define a Heartbleed-induced revocation to be a
certificate revocation where the certificate had a Heartbleed-induced reissue (see Section 4.3).
Overall, we observe 14,726 Heartbleed-induced revocations, corresponding to 40% of all Heartbleed-induced
reissued certificates. Thus, 60% of the certificates that were
reissued due to Heartbleed were never revoked; if such a
certificate's private key was in fact stolen, the attacker
would still be able to impersonate the victim, with no way for clients to detect it.
Figure 5 presents the fraction of sites that have at least
one Heartbleed-induced certificate revocation, as a function
of Alexa rank. As with reissues, highly ranked sites are
slightly more likely to revoke. Ideally, the two lines in Figure 5
would coincide, that is, every site that reissued a certificate
due to Heartbleed would also have revoked the retired certificate. The gap between them highlights a serious shortfall in security best practices across the Alexa Top-1M.
Finally, we examine revocation delay, or the number
of days between when a certificate is reissued and it is
revoked. Figure 7 presents the cumulative distribution of
the revocation delay for both Heartbleed-induced and non-Heartbleed-induced revocations. To make the distributions
comparable, we only look at differences between −10 and
10 days (recall that Heartbleed-induced reissues and revocations can only occur after April 7, 2014, which limits that
distribution). We observe that Heartbleed-induced revocations happen slightly more quickly, though not
to the extent one might expect given the urgent nature of
the vulnerability. We also observe that revocation almost
always happens after reissue, which makes sense, since this
ordering preserves the availability of the HTTPS site. This result
contradicts the previous assumption⁵ that revocations and
reissues occur simultaneously.
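The classification above (a Heartbleed-induced reissue is a vulnerable certificate replaced on or after the disclosure date; a Heartbleed-induced revocation is a CRL entry for such a certificate), the unrevoked fraction, the reissue-to-revocation delay, and the per-day domain count used later for Figure 6 can all be computed from two record sets: observed certificates with their replacement dates, and the CAs' CRL entries. The following is an added example that is not the paper's code; its record layouts, serials, domains and dates are constructed for illustration, and a real pipeline would load them from scan data and fetched CRLs.

```python
"""Correlate certificate reissues with CRL entries to classify
Heartbleed-induced revocations and measure revocation delay.

Added example; not the paper's own code. Record layouts, sample
certificates and CRL entries are constructed for this illustration
(assumption) rather than taken from real scans or CA CRLs.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

HEARTBLEED_DISCLOSURE = date(2014, 4, 7)


@dataclass(frozen=True)
class Cert:
    serial: str
    domain: str
    not_before: date
    not_after: date
    vulnerable: bool                     # served by an OpenSSL with the Heartbleed bug
    replaced_on: Optional[date] = None   # notBefore of the reissued replacement, if any


@dataclass(frozen=True)
class CrlEntry:
    serial: str
    revoked_on: date


def heartbleed_induced_reissues(certs: List[Cert]) -> List[Cert]:
    """Vulnerable certificates replaced on or after the disclosure date."""
    return [c for c in certs
            if c.vulnerable and c.replaced_on is not None
            and c.replaced_on >= HEARTBLEED_DISCLOSURE]


def heartbleed_induced_revocations(certs: List[Cert],
                                   crl: List[CrlEntry]) -> List[Tuple[Cert, date]]:
    """Revocations whose certificate had a Heartbleed-induced reissue."""
    revoked = {e.serial: e.revoked_on for e in crl}
    return [(c, revoked[c.serial])
            for c in heartbleed_induced_reissues(certs) if c.serial in revoked]


def unrevoked_fraction(certs: List[Cert], crl: List[CrlEntry]) -> float:
    """Share of Heartbleed-induced reissues whose old certificate was never
    revoked: a stolen key for any of these still lets an attacker impersonate."""
    reissued = heartbleed_induced_reissues(certs)
    if not reissued:
        return 0.0
    return 1 - len(heartbleed_induced_revocations(certs, crl)) / len(reissued)


def revocation_delays(certs: List[Cert], crl: List[CrlEntry],
                      window: int = 10) -> List[int]:
    """Days from reissue to revocation, restricted to [-window, window].
    Negative values mean the old certificate was revoked before its
    replacement existed, i.e. the site was unreachable over HTTPS for a while."""
    delays = [(rev - c.replaced_on).days
              for c, rev in heartbleed_induced_revocations(certs, crl)]
    return sorted(d for d in delays if abs(d) <= window)


def revocations_per_day(certs: List[Cert],
                        crl: List[CrlEntry]) -> Dict[date, Tuple[int, int]]:
    """Per day: (raw CRL entries, distinct revoking domains). Counting
    domains keeps one operator revoking many certificates at once
    from dominating the time series."""
    domain_of = {c.serial: c.domain for c in certs}
    raw = Counter(e.revoked_on for e in crl)
    domains = defaultdict(set)
    for e in crl:
        domains[e.revoked_on].add(domain_of.get(e.serial, e.serial))
    return {d: (raw[d], len(domains[d])) for d in sorted(raw)}


# Constructed sample data (assumption): serials, domains and dates are invented.
SAMPLE_CERTS = [
    Cert("A1", "www.example.com",  date(2013, 5, 1), date(2015, 5, 1), True,  date(2014, 4, 9)),
    Cert("B1", "shop.example.net", date(2013, 6, 1), date(2015, 6, 1), True,  date(2014, 4, 8)),
    Cert("C1", "cdn.example.org",  date(2013, 7, 1), date(2015, 7, 1), True,  date(2014, 4, 10)),
    Cert("C2", "cdn.example.org",  date(2013, 7, 1), date(2015, 7, 1), True,  date(2014, 4, 10)),
    Cert("D1", "old.example.org",  date(2013, 1, 1), date(2015, 1, 1), True,  date(2014, 3, 20)),  # reissued before disclosure
    Cert("E1", "clean.example",    date(2013, 8, 1), date(2015, 8, 1), False, date(2014, 4, 12)),  # never vulnerable
    Cert("F1", "lazy.example",     date(2013, 9, 1), date(2015, 9, 1), True),                      # never reissued
    Cert("G1", "dark.example",     date(2013, 2, 1), date(2015, 2, 1), True,  date(2014, 4, 15)),
]
SAMPLE_CRL = [
    CrlEntry("A1", date(2014, 4, 11)),
    CrlEntry("C1", date(2014, 4, 16)),
    CrlEntry("C2", date(2014, 4, 16)),
    CrlEntry("D1", date(2014, 3, 21)),
    CrlEntry("E1", date(2014, 4, 12)),
    CrlEntry("G1", date(2014, 4, 14)),   # revoked the day before its replacement was issued
]

if __name__ == "__main__":
    print("Heartbleed-induced reissues:   ", len(heartbleed_induced_reissues(SAMPLE_CERTS)))
    print("Heartbleed-induced revocations:", len(heartbleed_induced_revocations(SAMPLE_CERTS, SAMPLE_CRL)))
    print("Fraction never revoked:        ", unrevoked_fraction(SAMPLE_CERTS, SAMPLE_CRL))
    print("Reissue-to-revocation delays:  ", revocation_delays(SAMPLE_CERTS, SAMPLE_CRL))
    for day, (raw, doms) in revocations_per_day(SAMPLE_CERTS, SAMPLE_CRL).items():
        print(f"{day}: {raw} revocation(s) from {doms} domain(s)")
```

On the constructed data, five certificates have a Heartbleed-induced reissue, four of them are later revoked, and one (`B1`) never is, so a stolen key for `B1` would still be accepted by every client until its notAfter date. The negative delay for `G1` illustrates the revoke-before-reissue ordering the paper observes almost never happens, and the two `cdn.example.org` entries on the same day show why counting distinct domains rather than raw CRL entries gives a more faithful picture of how many operators reacted.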
Expirations are not enough. To demonstrate how long the
effects of the Heartbleed vulnerability will be felt if sites do
not revoke their vulnerable certificates, we analyze vulnerable
certificates that, by the end of our data collection, were
In other words, these certificates are vulnerable because
their private keys could have been stolen by attackers.
Overall, we find 107,712 vulnerable certificates. Of these,
only 28,652 (26.7%) had been reissued as of April 30. The
remaining 79,060 (73.3%) vulnerable certificates that have
not been reissued come from 55,086 different Alexa Top-1M
domains. Thus, the vast majority of SSL certificates that
were potentially exposed by the Heartbleed bug remained in use more than three weeks after the vulnerability was announced.
4.4. Certificate revocation
We now turn to investigating certificate revocation before,
during, and after the revelation of Heartbleed. Recall that it
is critical that a vulnerable certificate be revoked: even if a
site reissues a new certificate, if an attacker gained access
to the vulnerable certificate’s private key, then that attacker
will be able to impersonate the owner until either the certificate expires or is revoked. We study both revocation and
expiration here, and correlate them with rates of reissue.
Overall revocation rates. Figure 3 shows the number of
certificate revocations over time. As noted above, the average
jumps from 29 revocations per day to 1,414 post-Heartbleed.
However, the spike on April 16, 2014 is somewhat misleading, as it was largely due to the mass revocation of 19,384
CloudFlare certificates.¹⁸
To mitigate this issue, we plot in Figure 6 the number
of unique domains that revoked at least one certificate over
time. We make three interesting observations: First, the magnitude of the Heartbleed-induced spike is greatly reduced,
but we still observe an up-to-40-fold increase in the number
of domains issuing revocations per day. Second, we observe
that the number of domains issuing revocations falls closer
to its pre-Heartbleed level by April 28, suggesting that within
3 weeks most of the domains that will revoke their certificate in
direct response to Heartbleed already have.
Third, we observe three “dips” in the post-Heartbleed
revocation rate on April 13, April 20, and April 27—all
weekends, indicating that far fewer revocations occur on
the weekend relative to the rest of the week. This periodicity can also be observed (less easily) in the pre-Heartbleed
time frame. It is reasonable to assume revocations dip on
weekends because humans are involved in the revocation
process; however, it is not clear who is responsible for the
delays: site administrators, CRL maintainers at CAs,
or both, not working on weekends? Regardless of
Figure 6. The rate of domains revoking certificates spiked after
Heartbleed, but dropped closer to normal after three weeks. (x-axis: date, 03/06 to 05/01)
Figure 7. Heartbleed-induced revocations were issued slightly faster
than other revocations. (x-axis: days from reissue to revocation, −10 to 10)