I don't understand half English words I type...
--- Ognjen Milan Robovic
IRC is for the mentally mental and the very well. It serves as a great retard filter, supposedly.
IRC.Xolatile.Top <- Secure Connections Only | Port 6697 | Use TLS 1.2+
You need a client that can connect with SASL (Weechat, irssi, etc.) and must fully set it up BEFORE reconnecting.
You'll have exclusive control over your nick and will have enabled a server-side bouncer.
First you have to register... Use KeePassXC to keep your passwords.
/nick your_nick_forever /msg nickserv registerRecommendation for server-side bouncer settings, bouncer will always print missed messages hereon:
/msg nickserv set AUTOREPLAY-MISSED on /msg nickserv set AUTOREPLAY-LINES 0
Simple plaintext password, the most widely supported and relatively easy to setup.
set sasl_mechanism = plain set sasl_username = nick set sasl_password =# same as registration
Certificate based authentication, more intensive setup. You're objectively cooler for using it.
The generated certificate must be added to your client before you register, or you should supply the following to Weechat.
/set irc.server.xolatile.sasl_fail continue
The following commands are required, this generates a valid certificate and prints the fingerprint which you must copy to your IRC client.
$ openssl genpkey -algorithm ed25519 -out private.pem
$ openssl req -new -x509 -key private.pem -out cert.pem -days 365
# go through the prompt, just hit enter...
$ cat private.pem cert.pem > nick.pem
$ rm private.pem cert.pem
# then get your fingerprint, copy this into your clipboard...
$ openssl x509 -in nick.pem -outform DER | sha256sum -b | awk '{print $1}'
$ mv nick.pem ~/.cert/
Add that fingerprint like this:
/msg nickserv cert add FINGERPRINT
For weechat, you may configure it like this, and in general these are the details you must supply:
set sasl_mechanism = external # overrides sasl configuration and uses client-side tls cert set tls_cert = ~/.cert/nick.pem