diff --git a/_posts/2015-03-26-weechat-sasl-simply.md b/_posts/2015-03-26-weechat-sasl-simply.md
new file mode 100644
index 0000000..080d727
--- /dev/null
+++ b/_posts/2015-03-26-weechat-sasl-simply.md
@@ -0,0 +1,65 @@
+---
+layout: post
+comments: true
+title: "WeeChat: easy instructions for using SASL"
+category: [english]
+tags: [irc, english]
+---
+
+This seems to confuse many WeeChat users, so I will try to explain it more
+simply as I am repeating myself everywhere about this same thing.
+
+SASL is mechanism for identifying to services at IRC automatically even
+before you are visible to the network.
+
+* * * * *
+
+First set mechanism as plain if you have it as anything else. Many people
+have it as DH- something which are insecure and is removed from more modern
+services packages. More about that:
+
+* https://nullroute.eu.org/~grawity/irc-sasl-dh.html
+* http://kaniini.dereferenced.org/2014/12/26/do-not-use-DH-AES-or-DH-BLOWFISH.html
+
+```
+/set irc.server_default.sasl_mechanism PLAIN
+```
+
+PLAIN is simple "login using username and password" mechanism that sends
+the username and password in plaintext which isn't an issue if you also use
+SSL like you should.
+
+Then simply set your username and password
+
+```
+/set irc.server.NETWORK.sasl_username REGISTERED_NICKNAME
+/set irc.server.NETWORK.sasl_password PASSWORD
+```
+
+*Replace NETWORK with the name of network that you have in WeeChat, for
+example `freenode`.*
+
+And now after `/reconnect` you should be identified automatically using
+SASL, but you might also ensure that you use SSL.
+
+## Using SSL
+
+Change your address to use SSL port and enable SSL for the network:
+
+```
+/set irc.server.freenode.addresses chat.freenode.net/6697
+/set irc.server.freenode.ssl on
+```
+
+*6697 is the [standard SSL port](https://tools.ietf.org/html/rfc7194).*
+
+Freenode has valid SSL certificate, but if it didn't, you would have two
+choises:
+
+1. Trust the fingerprints manually using
+   `irc.server.NETWORK.ssl_fingerprint`, see [this post].
+2. Disable SSL certificate checking using
+   `/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see
+   [this post].
+
+[this post]:../../02/24/znc160-ssl.html