Welcome to  — supporting free and open source communities since 1998

Resurrecting Tor, continued

christel on 2016-09-18

Fol­low­ing an em­bar­rass­ing­ly long pe­ri­od of no Tor sup­port, we re­cent­ly blogged about res­ur­rect­ing Tor.

As of to­day, Tor users can once more con­nect to freen­ode over Tor; the hid­den ser­vice ad­dress is


The hid­den ser­vice re­quires SASL au­then­ti­ca­tion, as be­fore. In ad­di­tion, due to the abuse that led Tor ac­cess to be dis­abled in the first place, we have un­for­tu­nate­ly had to add an­oth­er cou­ple of re­stric­tions:

  • You must log in us­ing SASL's EXTERNAL or ECDSA-NIST256P-CHALLENGE (more be­low)
  • If you log out while con­nect­ed via Tor, you will not be able to log in with­out re­con­nect­ing.

If you haven't set up the req­ui­site SASL au­then­ti­ca­tion, we rec­om­mend SASL EX­TER­NAL. You'll need to gen­er­ate a client cer­tifi­cate:

openssl req -x509 -sha256 -new -newkey rsa:4096 -nodes -out freenode.pem -keyout freenode.pem

and con­sult your IRC clien­t's doc­u­men­ta­tion to find out how to use it to con­nect. Con­nect to freen­ode over TLS on the plain In­ter­net and /msg NickServ CERT ADD to au­tho­rise it to your ac­count.

You'll then want to tell your client to try the EXTERNAL mech­a­nism. We lack com­pre­hen­sive doc­u­men­ta­tion for this, but it's a fea­ture in most mod­ern clients—check their docs for in­struc­tions for now.

It's cur­rent­ly not pos­si­ble to reg­is­ter an ac­count for use with Tor with­out con­nect­ing at least once over the In­ter­net. We're in­ves­ti­gat­ing our op­tions, and would like to pro­vide a so­lu­tion to this in the fu­ture.