TLS and How to avoid connection errors.

• .NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2, it’s supported by default.
• .NET 4.5. TLS 1.2 is supported but it’s not a default protocol. You need to opt-in to use it. The following code will make TLS 1.2 default, make sure to execute it before making a connection to secured resource:

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

• .NET 4.0. TLS 1.2 is not supported, but if you have .NET 4.5 (or above) installed on the system then you still can opt in for TLS 1.2 even if your application framework doesn’t support it. The only problem is that SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS1.2, so we’d have to use a numerical representation of this enum value:

    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

• .NET 3.5 or below. TLS 1.2 is not supported (*) and there is no workaround. Upgrade your application to more recent version of the framework.

Personally on my .Net 4.0 Framework with some asp classic files I used:

    ServicePointManager.SecurityProtocol = (SecurityProtocolType)(0xc0 | 0x300 | 0xc00);

https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

Are you on .net 4.0? You should be at least 4.5 to use it. You can try to update your web target framework version: TLS 1.2 in .NET Framework 4.0

Website is already on .Net 4.5, Later updating the Compilation > TargetFramework manually from 4.0 to 4.5 fixed the issue for me.

Here's is the updated configuration

<compilation debug="true" targetFramework="4.5">
  <assemblies>
    <add assembly="System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    <add assembly="System.Net, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
  </assemblies>
</compilation>

About your concerns which version of TLS your application(client) and the server you are trying to connect will use.

Directly quoted from the RFC 5246 standard for TLS.

• During ClientHello (first request client makes to the server)

  The version of the TLS protocol by which the client wishes to communicate during this session. This SHOULD be the latest (highest valued) version supported by the client.

• During ServerHello (first request that server responds with)

  This field will contain the lower of that suggested by the client in the client hello and the highest supported by the server.

ClientHello and ServerHello are structures with fields which are described in the standard here.

TL;DR

When using System.Net.WebRequest your application will negotiate with the server to determine the highest TLS version that both your application and the server support, and use it.

Regarding your question.

• You can find the supported TLS protocol versions by .NET here but please verify .NET framework version you are using and navigate to the right version in the msdn.

SecurityProtocolType.Tls11 and SecurityProtocolType.Tls12 enum values are missing on Framework 4.0 only.

SecurityProtocolType numeric values:
SystemDefault (0)
Ssl3 (48 - 0x30)
Tls (192 - 0xC0)
Tls11 (768 - 0x300) missing on Framework 4.0
Tls12 (3072 - 0xC00) missing on Framework 4.0

On Framework 4.0, if want to allow TLS 1.0, 1.1 and 1.2, just replace:

SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12  

by:

(SecurityProtocolType)(0xc0 | 0x300 | 0xc00)