...
Yes - the device can be configured securely manually for this EAP type
Deficient - the device lacks important security features, but workarounds exist which can make its use safe
Insecure - the device can be configured manually for this EAP type, but not all security parameters can be set up
...
? - Unknown
TPS - supported with thirdThird-pary software Party Software (possibly commercial)
Compatibility Matrix
Device/OS Vendor | Device/OS | Version | TTLS-PAP | PEAP | TTLS-MSCHAPv2 | TLS | PWD | TTLS-GTC |
|---|
FAST | ||
|---|---|---|
| Android | tested on: Samsung Galaxy S2 Huawei Sonic u8650 | 2.3 |
| Deficient[1] | Deficient[1] |
| Deficient[1] |
| Deficient[1] | ? |
| Deficient[1] | ? | |
| Android | tested on: Motorola Xoom2 | 4.0+ |
| Deficient[1] | Deficient[1] |
| Deficient[1] | Deficient[1] | ? |
| Deficient[1] | ? | ||||||||
Apple | iPhone | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | iPad | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | iPod touch | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
| Apple | Mac OS X | 10.7+ | CAT | CAT | CAT | Yes | No | ? | Yes |
| Apple | Mac OS X | 10.4-10.6 | Yes[4] | Yes[4] | Yes[4] | Yes[4] | No | ? | Yes[4] |
| Blackberry | Playbook OS | 2 | Yes | ? | ? | ? | ? | ? | ? |
| Linux | NetworkManager |
| CAT | CAT | CAT | CAT | No | ? |
| ? | |
| Linux | wpa_supplicant |
| CAT | CAT | CAT | CAT | Yes[2] |
| Yes | Yes | |
Microsoft | Windows | XP SP3 |
| TPS | Yes |
| TPS | Yes | No | TPS | TPS | ||
Microsoft | Windows | Vista | TPS | CAT | TPS | CAT |
| CAT | TPS |
TPS | ||||||
Microsoft | Windows | 7 | TPS | CAT | TPS | CAT |
| CAT | TPS |
Yes
TPS | |||||||||
| Microsoft | Windows | 8 / 8.1 | CAT | CAT | CAT | CAT | CAT | ? | ? |
| Microsoft | Windows | 10 | CAT | CAT | CAT | CAT | CAT | ? |
| ? | |||
| Microsoft | Windows Phone | 7.x | No |
| Insecure[3] | ? | No | ? | ? | ? | |
| Microsoft | Windows Phone | 8.x | No | Deficient[1] | ? |
| ? | ? | ? | ? | ||||||
| Microsoft | Xbox | all | No | No | No | No | No | No | No |
| Microsoft | XBoxONE | all | No | No | No | No | No | No | No |
Nokia | Symbian OS | Series 6 | No | Yes | ? | Yes | ? | Yes | No |
| Nokia | Symbian OS | 9.x | Yes | Yes | ? | Yes | ? | Yes | No |
| Sony | Playstation3 (PS3) | all | No | No | No | No | No | No | No |
| Sony | Playstation4 (PS4) | all | No | No | No | No | No | No | No |
| Jolla | Sailfish OS | 2 | Yes |
| Yes | Yes | Yes | ? | ? | ? |
[1] Installation and pinpointing of CA possible; verification of expected server name (CN) not possible. A secure configuration is only possible if the Identity Provider deploys a private CA which issues exclusively server certificates for his own eduroam EAP servers. All other Identity Provider deployments are INSECURE.
[2] Version 1.0 or higher required
[3] Verifying that the server is signed by the proper CA is not possible; this means users will not be able to detect fake hotspots and might send their username/password to an unauthorised third party.
[4] Only with 10.6.x (Snow Leopard) and later does OSX allow the configuration of of CA/server trust settings (Pinning 802.1X to specific CA and RADIUS server CommonName)
Reporting a new device
Please let us know in the "Comments" field what device you have, and what EAP method(s) you have found working. We will update the list periodically.