...
Yes - the device can be configured securely manually for this EAP type
Deficient - the device lacks important security features, but workarounds exist which can make its use safe
Insecure - the device can be configured manually for this EAP type, but not all security parameters can be set up
...
? - Unknown
TPS - supported with thirdThird-pary software Party Software (possibly commercial)
Compatibility Matrix
Device/OS Vendor | Device/OS | Version | TTLS-PAP | PEAP | TTLS-MSCHAPv2 | TLS | PWD | TTLS-GTC |
---|
FAST | ||
---|---|---|
Android | tested on: Samsung Galaxy S2 Huawei Sonic u8650 | 2.3 |
Deficient[1] | Deficient[1] |
Deficient[1] |
Deficient[1] | ? |
Deficient[1] | ? | |
Android | tested on: Motorola Xoom2 | 4.0 |
+ | Deficient[1] | Deficient |
[1] |
Deficient[1] | Deficient[1] | ? |
Deficient[1] | ? | ||||||||
Apple | iPhone | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | iPad | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | iPod touch | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | Mac OS X | 10.7+ | CAT | CAT | CAT | Yes | No | ? | Yes |
Apple | Mac OS X | 10.4-10.6 | Yes[4] | Yes[4] | Yes[4] | Yes[4] | No | ? | Yes[4] |
Blackberry | Playbook OS | 2 | Yes | ? | ? | ? | ? | ? | ? |
Linux | NetworkManager |
CAT | CAT | CAT | CAT |
No | ? | ? |
Linux | wpa_supplicant |
CAT | CAT | CAT | CAT | Yes[2] | Yes | Yes | |
Microsoft | Windows | XP SP3 |
TPS | Yes |
TPS | Yes | No | TPS | TPS | ||
Microsoft | Windows | Vista | TPS | CAT | TPS | CAT |
CAT | TPS |
TPS | ||||||
Microsoft | Windows | 7 | TPS | CAT | TPS | CAT |
CAT | TPS |
Yes
TPS | |||||||||
Microsoft | Windows | 8 / 8.1 | CAT | CAT | CAT | CAT | CAT | ? | ? |
Microsoft | Windows | 10 | CAT | CAT | CAT | CAT | CAT | ? | ? |
Microsoft | Windows Phone | 7.x | No | Insecure[3] | ? | No |
? | ? | ? | |||||||
Microsoft | Windows Phone | 8.x | No | Deficient[1] | ? | ? | ? | ? | ? |
Microsoft | Xbox | all | No | No | No | No | No | No | No |
Microsoft | XBoxONE | all | No | No | No | No | No | No | No |
Nokia | Symbian OS | Series 6 | No | Yes |
? | Yes | ? | Yes | No |
Nokia | Symbian OS | 9.x | Yes | Yes |
? | Yes | ? | Yes | No | |||||
Sony | Playstation3 (PS3) | all | No | No | No | No | No | No | No |
Sony | Playstation4 (PS4) | all | No | No | No | No | No | No | No |
Jolla |
Sailfish OS | 2 | Yes | Yes |
Yes | Yes | ? | ? | ? |
[1] Installation and pinpointing of CA possible; verification of expected server name (CN) not possible. A secure configuration is only possible if the Identity Provider deploys a private CA which issues exclusively server certificates for his own eduroam EAP servers. All other Identity Provider deployments are INSECURE.
[2] Version 1.0 or higher required
[3] Verifying that the server is signed by the proper CA is not possible; this means users will not be able to detect fake hotspots and might send their username/password to an unauthorised third party.
[4] Only with 10.6.x (Snow Leopard) and later does OSX allow the configuration of of CA/server trust settings (Pinning 802.1X to specific CA and RADIUS server CommonName)
Reporting a new device
Please let us know in the "Comments" field what device you have, and what EAP method(s) you have found working. We will update the list periodically.