The following list is sorted alphabetically by vendors. The table notes which EAP methods are supported. Legend:
CAT - this device/EAP type combination is supported by eduroam CAT; can probably also be configured securely manually
Yes - the device can be configured securely manually for this EAP type
Deficient - the device lacks important security features, but workarounds exist which can make its use safe
Insecure - the device can be configured manually for this EAP type, but not all security parameters can be set up
No - device is known not to support IEEE 802.1X/EAP
? - Unknown
TPS - supported with Third-Party Software (possibly commercial)
Device/OS Vendor | Device/OS | Version | TTLS-PAP | PEAP | TTLS-MSCHAPv2 | TLS | PWD | TTLS-GTC | FAST |
---|---|---|---|---|---|---|---|---|---|
Android | tested on: Samsung Galaxy S2 Huawei Sonic u8650 | 2.3 | Deficient[1] | Deficient[1] | Deficient[1] | Deficient[1] | ? | Deficient[1] | ? |
Android | tested on: Motorola Xoom2 | 4.0+ | Deficient[1] | Deficient[1] | Deficient[1] | Deficient[1] | ? | Deficient[1] | ? |
Apple | iPhone | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | iPad | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | iPod touch | iOS 4.0+ | CAT | CAT | CAT | Yes | No | Yes | Yes |
Apple | Mac OS X | 10.7+ | CAT | CAT | CAT | Yes | No | ? | Yes |
Apple | Mac OS X | 10.4-10.6 | Yes[4] | Yes[4] | Yes[4] | Yes[4] | No | ? | Yes[4] |
Blackberry | Playbook OS | 2 | Yes | ? | ? | ? | ? | ? | ? |
Linux | NetworkManager | CAT | CAT | CAT | CAT | No | ? | ? | |
Linux | wpa_supplicant | CAT | CAT | CAT | CAT | Yes[2] | Yes | Yes | |
Microsoft | Windows | XP SP3 | TPS | Yes | TPS | Yes | No | TPS | TPS |
Microsoft | Windows | Vista | TPS | CAT | TPS | CAT | CAT | TPS | TPS |
Microsoft | Windows | 7 | TPS | CAT | TPS | CAT | CAT | TPS | TPS |
Microsoft | Windows | 8 / 8.1 | CAT | CAT | CAT | CAT | CAT | ? | ? |
Microsoft | Windows | 10 | CAT | CAT | CAT | CAT | CAT | ? | ? |
Microsoft | Windows Phone | 7.x | No | Insecure[3] | ? | No | ? | ? | ? |
Microsoft | Windows Phone | 8.x | No | Deficient[1] | ? | ? | ? | ? | ? |
Microsoft | Xbox | all | No | No | No | No | No | No | No |
Microsoft | XBoxONE | all | No | No | No | No | No | No | No |
Nokia | Symbian OS | Series 6 | No | Yes | ? | Yes | ? | Yes | No |
Nokia | Symbian OS | 9.x | Yes | Yes | ? | Yes | ? | Yes | No |
Sony | Playstation3 (PS3) | all | No | No | No | No | No | No | No |
Sony | Playstation4 (PS4) | all | No | No | No | No | No | No | No |
Yolla | Sailfish OS | 2 | Yes | Yes | ? | Yes | ? | ? | ? |
[1] Installation and pinpointing of CA possible; verification of expected server name (CN) not possible. A secure configuration is only possible if the Identity Provider deploys a private CA which issues exclusively server certificates for his own eduroam EAP servers. All other Identity Provider deployments are INSECURE.
[2] Version 1.0 or higher required
[3] Verifying that the server is signed by the proper CA is not possible; this means users will not be able to detect fake hotspots and might send their username/password to an unauthorised third party.
[4] Only with 10.6.x (Snow Leopard) and later does OSX allow the configuration of of CA/server trust settings (Pinning 802.1X to specific CA and RADIUS server CommonName)
Please let us know in the "Comments" field what device you have, and what EAP method(s) you have found working. We will update the list periodically.