SANs per cert and SNI for hosting service

Actually that was @jcjones. I'm not aware of specific browser issues with large SAN certs, and I think browsers can indeed go much higher.

This is a good data point in terms of possibly raising the SAN limit. Of course, it's hard to say what a reasonable threshold is. At high numbers we may start running into issues where performance characteristics are highly skewed. For instance, the issuedNames table in Boulder is an N : 1 mapping of names to certificates. Having the constraint that N maxes out at 100 is nice because it bounds the size of certain queries. If we let N get very, very large we might start to see some queries exceed their timeout.

At any rate, thanks for the report, and we'll think about it!
