On T194380 we discovered several bots/tools running on toolforge using .NET / mono that aren't able to talk modern TLS and that would be unable to connect to WMF sites after the deprecation of AES128-SHA is done as part of T192555.
I've tested the TLS capabilities of the mono environment using a pretty simple bot that just logins into wikipedia and exits:
```name=hello.cs
using System;
using DotNetWikiBot;
class MyHelloBot : Bot
{
public static void Main()
{
Site site = new Site("https://en.wikipedia.org", "VGutiérrez (WMF)@vgutierrez-test-bot", "password");
}
}
```
This code run on a trusty container with mono-project latest stable mono version (5.12) and a stock DotNetWikiBot 3.15 it's able to connect to en.wikipedia.org using TLS 1.2 and ECDHE-ECDSA-CHACHA20-POLY1305 as the ciphersuite.
```name=Dockerfile
FROM ubuntu:trusty
RUN apt-get update && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
apt-get install -y apt-transport-https && \
echo "deb https://download.mono-project.com/repo/ubuntu stable-trusty main" | tee /etc/apt/sources.list.d/mono-official-stable.list && \
apt-get update && apt-get install -y mono-devel
WORKDIR /app
COPY . .
RUN mono-csc -debug+ -optimize- -reference:DotNetWikiBot.Build.for.Mono.dll hello.cs
CMD mono --debug hello.exe
```
So it would be great if we could provide an up-to-date mono environment on toolforge that's able to speak modern TLS and comply with our own TLS requirements :)