Sometime yesterday, A .Net (4.7.2) app that accesses the Twitter api stopped working with an error "The request was aborted: Could not create SSL/TLS secure channel" when calling System.Net.HttpWebRequest.GetRequestStream() on Windows 2012 R2 machines. It's fine in 2016 / 2019.

It looks like Twitter have made changes and now support only 3 ciphers:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

... none of which Windows 2012R2 supports:

https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8-1

Does anyone know

(a) - is there a way to update the ciphers in Windows Server 2012 R2 to support these newer ones

or

(b) - is there a way in .NET to use a different set of ciphers? (the Chrome browser, for example, continues to work in Windows 2012R2). Or will .NET only use the machine's ciphers?