Security

If you have a security problem to report, please email us at both <maintainer@…> and at <p.j.bakker@…>. We adhere to the Rain Forest Puppy Full Disclosure Policy (RFPolicy) v2.0 and we ask you to do the same. In particular, please do not mail security issues to public lists unless we do not get back to you in a timely manner.

We remind PolarSSL users that under the terms of the GNU General Public License, PolarSSL comes with ABSOLUTELY NO WARRANTY. This license is included in the distribution.

Version 1.0.0 and earlier of the PolarSSL library use HAVEGE by default and possibly have reduced quality of random numbers within virtualized environments. For more detail see Security Advisory 2011-02.

Version 0.14.0 and earlier, and version 0.99-pre1 of the PolarSSL library were vulnerable to a possible man-in-the-middle attack. For more detail see Security Advisory 2011-01.