]>
Commit | Line | Data |
---|---|---|
a182a3f1 EK |
1 | --- |
2 | Title: Resurrecting Tor, continued | |
3 | Author: christel | |
4 | Date: 2016-09-18T20:18+01:00 | |
5 | Slug: tor-online | |
6 | --- | |
7 | ||
ce681a41 | 8 | Following an embarrassingly long period of no Tor support, we [recently |
a182a3f1 EK |
9 | blogged](news/2016-09-05-tor-sasl) about resurrecting Tor. |
10 | ||
11 | As of today, Tor users can once more connect to freenode over Tor; the hidden | |
12 | service address is | |
13 | ||
14 | freenodeok2gncmy.onion | |
15 | ||
16 | The hidden service requires SASL authentication, as before. In addition, due to | |
17 | the abuse that led Tor access to be disabled in the first place, we have | |
18 | unfortunately had to add another couple of restrictions: | |
19 | ||
fb34c242 | 20 | - You must log in using SASL's `EXTERNAL` or `ECDSA-NIST256P-CHALLENGE` (more |
a182a3f1 EK |
21 | below) |
22 | - If you log out while connected via Tor, you will not be able to log in without | |
23 | reconnecting. | |
24 | ||
25 | If you haven't set up the requisite SASL authentication, we recommend SASL | |
26 | EXTERNAL. You'll need to generate a client certificate: | |
27 | ||
452631f4 | 28 | openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem |
a182a3f1 EK |
29 | |
30 | and consult your IRC client's documentation to find out how to use it to | |
31 | connect. Connect to freenode over TLS on the plain Internet and `/msg NickServ | |
32 | CERT ADD` to authorise it to your account. | |
33 | ||
34 | You'll then want to tell your client to try the `EXTERNAL` mechanism. We lack | |
35 | comprehensive documentation for this, but it's a feature in most modern | |
36 | clients—check their docs for instructions for now. | |
37 | ||
38 | It's currently not possible to register an account for use with Tor without | |
39 | connecting at least once over the Internet. We're investigating our options, and | |
40 | would like to provide a solution to this in the future. |