...
The following list is sorted alphabetically by vendors, starting with A. The table notes which EAP methods are supported. Legend:
CAT - this device/EAP type combination is supported by eduroam CAT; can probably also be configured securely manually
Yes - the device can be configured securely manually for this EAP type
Deficient - the device lacks important security features, but workarounds exist which can make its use safe
Insecure - the device can be configured manually for this EAP type, but not all security parameters can be set up
No - device is known not to support IEEE 802.1X/EAP
? - Unknown
TPS - supported with Third-Party Software (possibly commercial)
Compatibility Matrix
Device/OS Vendor | Device/OS | Version | TTLS-PAP | PEAP | TTLS-MSCHAPv2 | TLS | PWD | TTLS-GTC |
|---|
PEAP
TLS
FAST | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| Android | tested on: Samsung Galaxy S2 Huawei Sonic u8650 | 2.3 | Deficient[1] | Deficient[1] | Deficient[1] | Deficient[1] | ? | Deficient[1] | ? |
| Android | tested on: Motorola Xoom2 | 4.0+ | Deficient[1] | Deficient[1] | Deficient[1] | Deficient[1] | ? | Deficient[1] | ? |
Apple | iPhone | iOS 4.0+ | CAT |
| CAT | CAT | Yes |
| No | Yes | Yes |
Apple | iPad | iOS 4.0+ |
CAT | CAT | CAT | Yes |
| No | Yes | Yes | |||||||
Apple | iPod touch | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
| Apple | Mac OS X | 10.7+ | CAT | CAT | CAT | Yes | No | ? | Yes |
| Apple | Mac OS X | 10.4-10.6 | Yes[4] | Yes[4] | Yes[4] | Yes[4] | No | ? | Yes[4] |
| Blackberry | Playbook OS | 2 | Yes | ? | ? | ? | ? | ? | ? |
| Linux | NetworkManager | CAT | CAT | CAT | CAT | No | ? | ? | |
| Linux | wpa_supplicant | CAT | CAT | CAT | CAT | Yes[2] | Yes | Yes | |
Microsoft | Windows | XP SP3 | TPS | Yes | TPS | Yes | No |
| TPS | TPS | |||||
Microsoft | Windows | Vista | TPS | CAT | TPS | CAT |
| CAT |
| TPS | TPS | |||||
Microsoft | Windows | 7 | TPS | CAT | TPS | CAT |
| CAT |
Yes
TPS
| TPS | TPS | ||||||||
| Microsoft | Windows | 8 / 8.1 | CAT | CAT | CAT | CAT | CAT | ? | ? |
| Microsoft | Windows | 10 | CAT | CAT | CAT | CAT | CAT | ? | ? |
| Microsoft | Windows Phone | 7.x | No | Insecure[3] | ? | No | ? | ? | ? |
| Microsoft | Windows Phone | 8.x | No | Deficient[1] | ? | ? | ? | ? | ? |
| Microsoft | Xbox | all | No | No | No | No | No | No | No |
| Microsoft | XBoxONE | all | No | No | No | No | No | No | No |
Nokia | Symbian OS | Series 6 | No | Yes | ? | Yes | ? | Yes | No |
| Nokia | Symbian OS | 9.x | Yes | Yes | ? | Yes | ? | Yes | No |
| Sony | Playstation3 (PS3) | all | No | No | No | No | No | No | No |
| Sony | Playstation4 (PS4) | all | No | No | No |
| No | No | No | No | ||||||
| Jolla | Sailfish OS | 2 | Yes | Yes | Yes | Yes | ? | ? | ? |
[1] Installation and pinpointing of CA possible; verification of expected server name (CN) not possible. A secure configuration is only possible if the Identity Provider deploys a private CA which issues exclusively server certificates for his own eduroam EAP servers. All other Identity Provider deployments are INSECURE.
[2] Version 1.0 or higher required
[3] Verifying that the server is signed by the proper CA is not possible; this means users will not be able to detect fake hotspots and might send their username/password to an unauthorised third party.
[4] Only with 10.6.x (Snow Leopard) and later does OSX allow the configuration of of CA/server trust settings (Pinning 802.1X to specific CA and RADIUS server CommonName)TPS: via Third-Party Software; you may need to install extra software
Reporting a new device
Please let us know in the "Comments" field what device you have, and what EAP method(s) you have found working. We will update the list periodically.