2 No version of TropicSSL has been certified under FIPS 140. This is unlikely to
3 happen unless/until an organization is willing to fund and shepherd the
4 validation process, which typically requires several months and many thousands
7 TropicSSL has not undergone external auditing for security vulnerbilities or
8 other related issues. While best industry accepted security practices have been
9 folloed by the authors in regards to securing the code against security
10 vulnerbilities, up to and including timing and other side-channel attacks, there
11 are no guarantees that any such issues do not exist. These issues can be serious
12 and may fully compromise your application or installation.
14 Security vulnerbilities and discussions will be posted on the TropicSSL mailing
15 list, which can be found at:
17 http://groups.google.com/group/tropicssl
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
23 ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
26 ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.