Symptom
Applications built on the .NET Framework 4.5 may fail to establish secure HTTPS connections or may default to outdated and insecure protocols. This can result in connection failures, browser security warnings, or rejection by modern APIs and services that require stronger encryption standards like TLS 1.2 or higher.
Cause
.NET framework 4.5 is out of support and hence it does not use the latest cryptography mechanisms, we strongly recommend building apps in supported frameworks. Add the support lifecycle article there
.NET Framework official support policy | .NET
Resolution
The most robust fix is to upgrade your application to .NET Framework 4.6, 4.7 or later, where TLS 1.2 is enabled by default. This ensures your application uses stronger cipher suites and secure protocols automatically, without requiring additional configuration.
After installing the newer .NET Framework on your development or production environment, update your project’s target framework and recompile. For ASP.NET applications, update your Web.config file to reflect the new framework version. For example, if upgrading to .NET 4.6:
<system.web>
<compilation targetFramework="4.6" />
<httpRuntime targetFramework="4.6" />
</system.web>
This change, along with rebuilding your application under the updated framework, ensures that IIS and the .NET runtime use the latest libraries. Once deployed, your application will negotiate HTTPS connections using TLS 1.2 by default, resolving issues related to weak or unsupported cipher protocols.
Microsoft