[[TOC(noheading, depth=3)]]
'''Written:''' 30-03-2018 (Jaruga)

= Torifying HexChat = 

HexChat (originally forked from [https://en.wikipedia.org/wiki/XChat XChat]) is an open-source, cross-platform internet relay chat client that grew in popularity shortly after the discontinuation of XChat in 2013. It has several security-oriented features such as OTR, an easy-to-use graphical interface, a simplistic window layout and includes all the basic functions of most popular IRC clients. HexChat also has a plugin system with support for various languages that allows for dynamic modifications and extensions.


== Starting up HexChat ==

By default, HexChat automatically loads the "Network List" window on the first launch after installation. To modify your internal proxy settings, HexChat must first attempt to make a connection. You may avoid connecting to a server before configuring Tor by simply clicking the 'Add' button which creates a new, blank network entry. Then click 'Connect'. This will of course fail, and will open the chat window to allow entry to the settings menu.

 Example output:

 [[Image(https://tor.dial.ga/m/hc/hc1.png)]]

== Adding Internal Proxy Settings ==

1. When the chat window opens, click the 'Settings' drop-down menu on the toolbar and select 'Preferences'.
 
 [[Image(https://tor.dial.ga/m/hc/hc2.png)]]

2. When the Preferences window opens, select 'Network Setup' from the leftside menu.

3. Fill the fields under the 'Proxy Server' header like so:

 [[Image(https://tor.dial.ga/m/hc/hc3.png)]]

4. Click OK.

All of HexChats connections will now be routed via Tor. To connect to a specific server without using Tor (due to IP bans or various other reasons), you can simply check the 'Bypass Proxy Server' option under that servers 'Edit' menu. 

== Using HexChat with TLS / SSL ==

Many IRC networks (IRC servers) support SSL/TLS/encrypted connections and it is highly advisable to utilize it - but depending on the specific configuration of an IRC server, some small setting changes may have to occur first.

=== Enabling SSL ===

If the destination IRC network uses a certificate from a major or paid CA (Certificate Authority) as many popular ones do, these modifications can be made under the servers 'Edit' menu:

1. Select "Use SSL for all the servers on this connection" option in the desired networks Edit/Configuration window. This will ensure your client does not make any connections outside of the encrypted stream.

2. '''IMPORTANT:''' Avoid selecting the option "Accept invalid SSL certificate".

=== Enabling SSL for Self-Signed Certificates ===
'''NOTICE:''' It is currently not possible to properly trust self-signed certificates in HexChat. The cause of this is outlined [https://github.com/hexchat/hexchat/issues/261 here].

Some servers (including virtually all onion-based IRC servers which offer SSL) use self-signed certificates which are not listed in any CA and therefore are recognized as invalid by HexChat. In order to connect to a server which uses a self-signed cert, you may simply:

1. Select "Use SSL for all the servers on this connection" option in the desired networks Edit/Configuration window. This will ensure your client does not make any connections outside of the encrypted stream.

2. Select the 'Accept invalid SSL certificates' option. This will force HexChat to bypass its CA check.

=== SSL port ===

If an IRC servers SSL supported port is the default 6697, then its entry in the menu will look like this: 
{{{
irc.server.net/6697
}}}

== OTR ("Off-the-Record") == 

For even stronger privacy, it is advisable to use the [https://en.wikipedia.org/wiki/Off-the-Record_Messaging OTR] protocol. This can be accomplished by using the '''hexchat-otr''' package / plugin.

== SASL Authentication ==

SASL is a type of user login and authentication method that allows identification to services such as NickServ during the connection process, before anything else occurs. 

Some IRC networks / servers also provide an onion service. They often require the users IRC client to have SASL functioning and credentials present in order to allow authentication. Fortunately, HexChat makes this simple:

1. Open the Network List. Find the desired server and click 'Edit'.
2. In the "User name" field, enter your NickServ nick
3. Select SASL (username + password) for the "Login method" field
4. In the "Password" field, enter your NickServ password

== See also ==
[wiki:doc/TorifyHOWTO/IRC Internet Relay Chat - General security and anonymity]