 

Performance: Does SSL trust chain order matter? [closed]

From what I can tell I can stack the "add trust" certificates in any order when I put them together into my domain.crt file before installing it on the server. I guess that most browsers can parse through these files and figure out what the correct order of the chain should be. But in terms of performance, is there a correct way to stack them that will cause the browsers to take less time to analyze the certificate?

For example, a certificate I just installed had the following files that needed to be combined.

domain_com.crt
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

Is this the best order to concatenate them to the file, assuming the contents of the first filename shows up at the top of the file?

asked Jun 11 '14 01:06 by deweydb


2 Answers

It's not just a matter of performance, but a matter of compliance with the TLS specifications.

"I guess that most browsers can parse through these files and figure out what the correct order of the chain should be."

Some browsers may be tolerant, but the TLS specification explicitly says that you MUST present the certificate chain in the right order:

   certificate_list
      This is a sequence (chain) of certificates.  The sender's
      certificate MUST come first in the list.  Each following
      certificate MUST directly certify the one preceding it.  Because
      certificate validation requires that root keys be distributed
      independently, the self-signed certificate that specifies the root
      certificate authority MAY be omitted from the chain, under the
      assumption that the remote end must already possess it in order to
      validate it in any case.

I suppose some servers could re-arrange the certificate chain in the right order when reading their configuration before sending their cert chain (in which case there might still be a performance issue), but this isn't always the case.

I haven't tried to configure Nginx with a chain in the wrong order, but I know Apache Httpd will send the chain exactly as configured (so in the wrong order if it's configured in the wrong order). If in doubt, I'd suggest configuring your server with the chain in the right order to make sure it's compliant with the TLS specification.

answered Nov 09 '22 21:11 by Bruno
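The requirement quoted above (end-entity certificate first, each following certificate directly certifying the one before it, root optional) can be checked and enforced on a concatenated bundle before it is installed. The script below is an added example, not code from the question, the answers, or any server project. It assumes the openssl CLI is on PATH; make_test_pki builds a constructed throwaway root/intermediate/leaf PKI for the demo (these are not the Comodo certificates listed in the question), chain_is_ordered reports whether a bundle such as domain.crt is already in the order the specification requires, and order_chain rewrites a bundle into that order by finding the certificate that certifies nothing else and then walking issuer links upward. Applied to the question's four files, it would emit domain_com.crt first and AddTrustExternalCARoot.crt last.

```shell
#!/bin/sh
# Added example (not from the question or answers): check and repair the order of a
# concatenated PEM bundle so the end-entity cert comes first and each following cert
# directly certifies the one before it. Assumes the openssl CLI is on PATH; the PKI
# built by make_test_pki is constructed for this demo only.
set -e

# Build a constructed root -> intermediate -> leaf PKI in directory $1.
make_test_pki() {
  dir=$1
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/root.key" -out "$dir/root.crt" \
    -subj "/CN=Example Test Root" -days 365 >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/inter.key" -out "$dir/inter.csr" \
    -subj "/CN=Example Test Intermediate" >/dev/null 2>&1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
  openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
    -out "$dir/inter.crt" -days 365 -extfile "$dir/ca.ext" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/leaf.key" -out "$dir/leaf.csr" \
    -subj "/CN=www.example.test" >/dev/null 2>&1
  printf 'basicConstraints=critical,CA:FALSE\n' > "$dir/leaf.ext"
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/inter.crt" -CAkey "$dir/inter.key" -CAcreateserial \
    -out "$dir/leaf.crt" -days 365 -extfile "$dir/leaf.ext" >/dev/null 2>&1
}

# Split bundle $1 into $2/cert-NN.pem (bundle order preserved) and record each
# certificate's subject and issuer next to it.
index_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%02d.pem", dir, n) }
    f != "" { print > f }
    /-----END CERTIFICATE-----/ { close(f); f = "" }' "$1"
  for c in "$2"/cert-*.pem; do
    openssl x509 -in "$c" -noout -subject | sed 's/^subject= *//' > "$c.subject"
    openssl x509 -in "$c" -noout -issuer  | sed 's/^issuer= *//'  > "$c.issuer"
  done
}

# Print the path of the end-entity certificate in $1: the one whose subject is not
# the issuer of any certificate in the set (a self-signed root is its own issuer).
find_leaf() {
  for c in "$1"/cert-*.pem; do
    subj=$(cat "$c.subject")
    certifies=0
    for o in "$1"/cert-*.pem; do
      if [ "$(cat "$o.issuer")" = "$subj" ]; then certifies=1; fi
    done
    if [ "$certifies" -eq 0 ]; then echo "$c"; return 0; fi
  done
  return 1
}

# Exit 0 when bundle $1 is already in TLS order: end-entity first, then each cert
# directly certifying the one before it.
chain_is_ordered() {
  work=$(mktemp -d)
  index_bundle "$1" "$work"
  ok=0; first=""; prev=""
  for c in "$work"/cert-*.pem; do
    if [ -z "$first" ]; then first=$c; fi
    if [ -n "$prev" ] && [ "$(cat "$c.subject")" != "$(cat "$prev.issuer")" ]; then ok=1; fi
    prev=$c
  done
  leaf=$(find_leaf "$work" || true)
  if [ "$leaf" != "$first" ]; then ok=1; fi
  rm -rf "$work"
  return $ok
}

# Print bundle $1 re-ordered: leaf first, then follow issuer links up to the root.
order_chain() {
  work=$(mktemp -d)
  index_bundle "$1" "$work"
  cur=$(find_leaf "$work") || { echo "order_chain: no end-entity certificate in $1" >&2; rm -rf "$work"; return 1; }
  while [ -n "$cur" ]; do
    cat "$cur"
    issuer=$(cat "$cur.issuer")
    next=""
    for c in "$work"/cert-*.pem; do
      if [ "$c" != "$cur" ] && [ "$(cat "$c.subject")" = "$issuer" ]; then next=$c; fi
    done
    cur=$next
  done
  rm -rf "$work"
}

# Demo: a bundle concatenated root-first (the wrong way round), then repaired.
demo() {
  pki=$(mktemp -d)
  make_test_pki "$pki"
  cat "$pki/root.crt" "$pki/inter.crt" "$pki/leaf.crt" > "$pki/wrong.pem"
  if chain_is_ordered "$pki/wrong.pem"; then
    echo "wrong.pem is already in TLS order"
  else
    echo "wrong.pem is not in TLS order; rewriting as domain.crt"
    order_chain "$pki/wrong.pem" > "$pki/domain.crt"
    chain_is_ordered "$pki/domain.crt" && echo "domain.crt: end-entity first, each cert certifies the previous one"
  fi
  rm -rf "$pki"
}
demo
```

The check is deliberately independent of the server: a bundle that passes chain_is_ordered is one that Apache Httpd, which Bruno notes sends the chain exactly as configured, will present in specification order, so there is nothing left for a tolerant client to reorder. Subject and issuer strings are compared as printed by openssl, which is sufficient for a bundle of a handful of certificates; it does not verify signatures, so a bundle can be correctly ordered and still fail validation if a certificate in it is the wrong one.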


Given that the whole file will be loaded into memory, and (I suspect) all certs will be parsed in any case (and probably put in a hashtable), I would be astounded if it would make much of a difference (where a unit of difference is defined, for the purposes of this post and the pedantic web, as "the time it takes to read the file off disk"). This assumes that the number of certs in a file is 4, rather than, say, 4,000.

answered Nov 09 '22 20:11 by AMADANON Inc.