[irc/freenode/web-7.0.git] / content / news / 2016-09-18-resurrecting-tor-2.md

---
Title: Resurrecting Tor, continued
Author: christel
Date: 2016-09-18T20:18+01:00
Slug: tor-online
---

Following an embarrassingly long period of no Tor support, we [recently
blogged](news/2016-09-05-tor-sasl) about resurrecting Tor.

As of today, Tor users can once more connect to freenode over Tor; the hidden
service address is

    freenodeok2gncmy.onion

The hidden service requires SASL authentication, as before. In addition, due to
the abuse that led Tor access to be disabled in the first place, we have
unfortunately had to add another couple of restrictions:

- You must log in using SASL's `EXTERNAL` or `ECDSA-NIST256P-CHALLENGE` (more
	below)
- If you log out while connected via Tor, you will not be able to log in without
	reconnecting.

If you haven't set up the requisite SASL authentication, we recommend SASL
EXTERNAL. You'll need to generate a client certificate:

    openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem

and consult your IRC client's documentation to find out how to use it to
connect. Connect to freenode over TLS on the plain Internet and `/msg NickServ
CERT ADD` to authorise it to your account.

You'll then want to tell your client to try the `EXTERNAL` mechanism. We lack
comprehensive documentation for this, but it's a feature in most modern
clients—check their docs for instructions for now.

It's currently not possible to register an account for use with Tor without
connecting at least once over the Internet. We're investigating our options, and
would like to provide a solution to this in the future.
Commit	Line	Data
a182a3f1 EK	1	---
	2	Title: Resurrecting Tor, continued
	3	Author: christel
	4	Date: 2016-09-18T20:18+01:00
	5	Slug: tor-online
	6	---
	7
ce681a41	8	Following an embarrassingly long period of no Tor support, we [recently
a182a3f1 EK	9	blogged](news/2016-09-05-tor-sasl) about resurrecting Tor.
	10
	11	As of today, Tor users can once more connect to freenode over Tor; the hidden
	12	service address is
	13
	14	freenodeok2gncmy.onion
	15
	16	The hidden service requires SASL authentication, as before. In addition, due to
	17	the abuse that led Tor access to be disabled in the first place, we have
	18	unfortunately had to add another couple of restrictions:
	19
fb34c242	20	- You must log in using SASL's `EXTERNAL` or `ECDSA-NIST256P-CHALLENGE` (more
a182a3f1 EK	21	below)
	22	- If you log out while connected via Tor, you will not be able to log in without
	23	reconnecting.
	24
	25	If you haven't set up the requisite SASL authentication, we recommend SASL
	26	EXTERNAL. You'll need to generate a client certificate:
	27
452631f4	28	openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem
a182a3f1 EK	29
	30	and consult your IRC client's documentation to find out how to use it to
	31	connect. Connect to freenode over TLS on the plain Internet and `/msg NickServ
	32	CERT ADD` to authorise it to your account.
	33
	34	You'll then want to tell your client to try the `EXTERNAL` mechanism. We lack
	35	comprehensive documentation for this, but it's a feature in most modern
	36	clients—check their docs for instructions for now.
	37
	38	It's currently not possible to register an account for use with Tor without
	39	connecting at least once over the Internet. We're investigating our options, and
	40	would like to provide a solution to this in the future.