Mikaela Suomalainen
8a0bf993b3
* unset network-specific SASL mechanism so the global PLAIN is used * /save after SASL settings * Note that SSL does nothing until reconnect
2.0 KiB
This seems to confuse many WeeChat users, so I will try to explain it more simply as I am repeating myself everywhere about this same thing.
SASL is mechanism for identifying to services at IRC automatically even before you are visible to the network.
First set mechanism as plain if you have it as anything else. Many people have it as DH- something which are insecure and is removed from more modern services packages. More about that:
- https://nullroute.eu.org/~grawity/irc-sasl-dh.html
- http://kaniini.dereferenced.org/2014/12/26/do-not-use-DH-AES-or-DH-BLOWFISH.html
/set irc.server_default.sasl_mechanism PLAINPLAIN is simple “login using username and password” mechanism that sends the username and password in plaintext which isn’t an issue if you also use SSL like you should.
Then simply set your username and password
/unset irc.server.NETWORK.sasl_mechanism
/set irc.server.NETWORK.sasl_username REGISTERED_NICKNAME
/set irc.server.NETWORK.sasl_password PASSWORD
/saveReplace NETWORK with the name of network that you have in
WeeChat, for example freenode.
And now after /reconnect you should be identified
automatically using SASL, but you might also ensure that you use
SSL.
Using SSL
Change your address to use SSL port and enable SSL for the network:
/set irc.server.freenode.addresses chat.freenode.net/6697
/set irc.server.freenode.ssl on
/saveNote: SSL does nothing until you /reconnect
6697 is the standard SSL port.
Freenode has valid SSL certificate, but if it didn’t, you would have two choises:
- Trust the fingerprints manually using
irc.server.NETWORK.ssl_fingerprint, see this post. - Disable SSL certificate checking using
/set irc.server.NETWORK.ssl_verify offNOT RECOMMENDED, see this post.