Currently our PKIX CertPathBuilder implements two modes for validating certification paths, a "forward" mode (where the certificates in the certification path are presented in the forward direction), and a "reverse" mode where they are presented in the reverse order. However, we only support the forward mode via the public API. Thus, we could basically remove the "reverse" builder code. I don't know of any customers using this mode, though we do have tests for it that would also need to be removed. Alternatively, we could move the reverse mode implementation to the optional provider, but I really don't see a lot of value in doing that since it is an unsupported, undocumented feature right now.
Potential Savings: probably between 30-40K