# TORify Weechat

## Enable SASL EXTERNAL

### Create a new certificate TLS. ref

```bash
mkdir ~/.weechat/certs
cd ~/.weechat/certs
openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1000 -nodes -out freenode.pem -keyout freenode.pem
```
 

### Find sha1sum fingerprint.

```bash
openssl x509 -in freenode.pem -outform der | sha1sum -b | cut -d' ' -f1
```

## switch to ssl

Into weechat, we switch to ssl.

```bash
/msg nickserv cert add <sslkeysha1>
/set irc.server.freenode.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT"
/set irc.server.freenode.ssl_cert "%h/certs/freenode.pem"
/set irc.server.freenode.sasl_mechanism external
/set irc.server.freenode.ssl on
/set irc.server.freenode.addresses "chat.freenode.net/6697"
/reconnect freenode
```
 
## TOR

Finally, to use tor. (tor should run)

```bash
/set irc.server.freenode.addresses "freenodeok2gncmy.onion/7000"
/proxy add tor socks5 127.0.0.1 9050
/set irc.server.freenode.proxy "tor"
```

You have to disable ssl_verify which doesn’t work with TOR.

```bash
/set irc.server.freenode.ssl_verify off
/reconnect freenode
```

### Enhance your privacy

Add somes settings below to weechat. detail from faq

```bash
/set irc.server_default.msg_part ""
/set irc.server_default.msg_quit ""
/set irc.ctcp.clientinfo ""
/set irc.ctcp.finger ""
/set irc.ctcp.source ""
/set irc.ctcp.time ""
/set irc.ctcp.userinfo ""
/set irc.ctcp.version ""
/set irc.ctcp.ping ""
/plugin unload xfer
/set weechat.plugin.autoload "*,!xfer"
```

Save all our works:

```bash
/save
```