How do SAN Certs degrade performance?

Question

I have heard that when lots of names get added to a single SAN Cert (Subject Alternative Name) performance starts to degrade.

Can someone explain how SAN certs are processed so I understand what causes the performance cost as names on the SAN increases?

I've never heard of SAN entries degrading performance (other than the obvious slight increase in bandwidth to transfer the cert, and overhead of processing each entry; those shouldn't amount to anything worth mentioning unless you're trying to put millions of SANs in the same cert). Care to disclose your reference? — Chris S, Nov 29 '12 at 15:39
On a call with Comodo they told us this was the case (starts to degrade over a hundred or so). I was guessing it was maybe "processing each entry", but I'm not sure of the processing flow there -- hence my question. — Kyle Brandt, Nov 29 '12 at 15:49
It's just a `for` loop, to see if the host matches one of the SANs. 50 SANs, no problem. 5,000,000 SANs, problem. — Michael Hampton, Nov 29 '12 at 15:49
Sounds like a ploy to get customers to buy more certificates instead to me. Do you actually have a use case for that many 'SAN'S? I've only really used it for the ability to use www/no www, and for exchange servers where i've had the external url, the internal server address and autodiscover. I can't see any SSL provider being happy providing a cert that covers 100's of names. A wildcard would be easier but that doesn't cover names with 'more dots'. — USD Matt, Nov 29 '12 at 16:03
@USDMatt They usually charge extra for the SANs, so it shouldn't matter to them either way (a wildcard is commonly cheaper than a many-SAN cert too). — Chris S, Nov 29 '12 at 16:16
Guys, please remember when downvoting a question to leave a comment explaining why. — Peter Grace, Nov 29 '12 at 16:16
I'm testing some self-signed SANs now, can't get a measurable difference with HAProxy as the server and CURL/WGET as the clients with 2.5k names. Tried 20k names but got `(35) error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size` — Kyle Brandt, Nov 29 '12 at 16:27
@PeterGrace [Is it now discouraged to ask for reasons for downvotes as a comment?](http://meta.stackexchange.com/questions/74559) — Chris S, Nov 29 '12 at 17:05

score 6 · Answer 1 · edited Mar 05 '13 at 15:14

Some superficial testing does seem to suggest that I am being fed a bunch of malarky.

I generated the cert like so:

openssl genrsa -out www.domain.tld.key 2048

[kbrandt@alpine: ~/sancrt] openssl req -new -key www.domain.tld.key -out www.domain.tld.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LOTA-SAN
Organizational Unit Name (eg, section) []:SANSRUS
Common Name (e.g. server FQDN or YOUR name) []:www.domain.tld
Email Address []:kyle@SANRUS.com
....

echo -n "subjectAltName=DNS:www.domain.tld," > www.domain.tld.cnf;for i in {1..2500}; do echo -n "DNS:www$i.domain.tld,"; done >> www.domain.tld.cnf   

#manually delete comma at the end of the .cnf

openssl x509 -req -days 365 \
>   -in www.domain.tld.csr \
>   -signkey www.domain.tld.key \
>   -text \
>   -extfile  www.domain.tld.cnf \
>   -out www.domain.tld.crt
Signature ok
subject=/C=US/ST=NY/L=New York/O=LOTA-SAN/OU=SANSRUS/CN=www.domain.tld/emailAddress=kyle@SANRUS.com
Getting Private key

cat *.key *.crt > sillysan.pem

When I try curl and wget I can't get any noticible differences:

time curl -ssl3 --noproxy \* -D - --insecure http://www2500.domain.tld
curl -ssl3 --noproxy \* -D - --insecure http://www2500.domain.tld  0.01s user 0.00s system 69% cpu 0.012 total

Results are the same with www vs www2500. I guess it is possible that --insecure bypasses the checking altogether, but for now I'm going to give the standard stamp of a very unscientific test:

enter image description here

How do SAN Certs degrade performance?

1 Answers1