It's been a long time since I had to do this, and as others have said, ideally avoid WindowsXP. However, if you have no choice and wish to enable TLS1.2 you need to add the following enum value:

System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;

If the enum value does not exist in SecurityProtocolType it is possible to add them in as an extension method as described here:
https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#if-you-must-explicitly-set-a-security-protocol

If you have done all of that and it still doesn't work - try adding tracing as described in this answer here: https://stackoverflow.com/a/5985497/30012070 it will hopefully show more detail on the cypher suites supported by the key exchange as well as why it's failing... HTH, Nick