See the question and my original answer on StackOverflow

The specific ServicePointManager.SecurityProtocol determination is quite unrelated to the general question of 4 vs 4.6.1 framework for which I'm afraid there's not definitive answer, because it's not relevant in the general case (all cases are probably specific, if you will).

For the specific answer, this is described here: Mitigation: TLS Protocols

Starting with the .NET Framework 4.6, the System.Net.ServicePointManager and System.Net.Security.SslStream classes are allowed to use one of the following three protocols: Tls1.0, Tls1.1, or Tls 1.2. The SSL3.0 protocol and RC4 cipher are not supported.

If the 4.6+ is installed, then you can indeed change the behavior of your program w/o recompiling it, as detailed in the article, just add this line to your .config files:

    <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false" />