freenode provides SSL client access on all servers, on ports 6697, 7000 and
7070. Users connecting over SSL will be given user mode +Z, and _is using a
-secure connection_ will appear in WHOIS (a 671 numeric). Webchat users will not
-currently appear with +Z or the 671 numeric, even if they connect to webchat
-via SSL.
+secure connection_ will appear in WHOIS (a 671 numeric).
In order to verify the server certificates on connection, some additional work
may be required. First, ensure that your system has an up-to-date set of root
ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion
-If you are using an old version of Tor (before 0.3.5) that does not support
-v3 addresses, you should instead use the following address:
-
- freenodeok2gncmy.onion
-
The hidden service requires SASL authentication. In addition, due to the abuse
that led Tor access to be disabled in the past, we have unfortunately had to
add another couple of restrictions:
### Verifying Tor TLS connections
-**A Tor hidden service name securely identifies the service you are connecting to. Verifying the TLS server certificate is strickly-speaking unnecessary while using the hidden service.** Nonetheless the following methods can be used to verify the hidden service's TLS server certificate.
+A Tor hidden service name securely identifies the service you are connecting to. Verifying the TLS server certificate is strickly-speaking unnecessary while using the hidden service. Nonetheless the following methods can be used to verify the hidden service's TLS server certificate.
-The best way to ensure the TLS server-side certificate successfully validates is to add the following fragment to your `torrc` configuration file and configure your client to connect to `zettel.freenode.net`. The TLS server certificate used by the hidden service will validate using this hostname.
+The best way to ensure the TLS server-side certificate successfully validates is to add the following fragment to your `torrc` configuration file and configure your client to connect to `zettel.freenode.net` via Tor. The TLS server certificate used by the hidden service will validate using this hostname.
# torrc snippet:
MapAddress zettel.freenode.net ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion