Since most Servers are moving towards TLS 1.3 and removing TLS 1.0/1.1 support, it is important to make note of certain Server configurations that might be required to make your .Net Framework Application compatible with new TLS versions like TLS 1.2.
Just upgrading the Application to latest .Net Framework like 4.8 version, which as per documentation states it automatically handles the compatibility with newer TLS versions when older TLS versions are disabled.
I have managed to resolve the issues on my server by updating the SSL Cipher Suite Order, I had mistakenly removed some of the suites that windows suggested was for TLS1.0 and 1.1 only when in actual fact they were needed for some TLS1.2 connections as well.
I resolved my issues by:
- Open Run Prompt and run gpedit.msc
- Navigate to “Administrative Templates > Network > SSL Configuration Settings”
- Open SSL Cipher Suite Order
- Select Enabled
- Paste the list of suites below into the text box (make sure there are no spaces)
- Click Apply
- Restart the server
Note, these suites work for me but you may require other ones for different applications. You should be able to find a full list and more info on the suites here https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel?redirectedfrom=MSDN
You can also use a tool like IISCrypto to update the Cipher Suite order.