Using SASL

SASL is a method that allows identification to services (NickServ) during the connection process, before anything else happens - therefore eliminating the need to /msg NickServ identify. To use SASL, you must register your nickname. This includes following the emailed instructions to verify the address on your account.

Libera.Chat requires the use of SASL for certain IP ranges.

SASL is not the same thing as SSL or TLS. You should also use TLS to connect.

SASL Client Configuration

We have instructions on how to configure SASL for some clients, below. If asked to choose an authentication mechanism, be aware that Libera.Chat does not support DH-BLOWFISH

• AdiIRC
• AndroIRC
• catgirl
• Chatzilla
• Emacs ERC
• EPIC5
• glirc
• HexChat
• IceChat
• irssi
• Konversation
• KVIrc
• LimeChat
• mIRC
• Pidgin
• Quassel
• Revolution
• Textual
• WeeChat
• ZNC
• IRCCloud

If you know of any additions or corrections to the lists above, or would like to contribute a script or (better) documentation, contact us on IRC.

Documentation on how to create certificates and add their fingerprints to NickServ for SASL EXTERNAL can be found in the article on NickServ and certificates.

SASL access only IP ranges

Some IP address ranges are configured to require SASL authentication to an existing NickServ account with a verified email address. Connections from these ranges will be refused with the message SASL access only. You can follow the instructions above to configure many commonly used clients.

If your home internet providers are restricted, consider using public access wifi hotspots such as those provided by most libraries and many school or work campuses. If you are concerned about access point privacy, you can change your password once you are on a network you trust.

Connecting bots which lack SASL support from SASL access only ranges can be achieved if you connect the bot via a bouncer that does support SASL authentication. ZNC is a popular bouncer that supports SASL.

SASL access only restrictions are typically applied to address ranges that are the source of frequent policy violations due to providing easy access to dynamic addresses to a wide range of users. These ranges are typically used by VPN, cloud-computing, and mobile network providers. These restrictions are not targeted at individual users.

Based on content © 2016-2021 freenode/web7.0’s contributors under Creative Commons BY-NC-SA