Heroku offers several different ways to terminate TLS/SSL. Whether you can disable TLS 1.0 and/or 1.1 depends on which TLS termination method is configured for your app.
TLS v1.0 and TLS v1.1 are no longer supported on the Heroku Common Runtime
Automated Certificate Management / Free Heroku SSL (SNI)
For applications using Automated Certificate Management or the free Heroku SSL (SNI) TLS 1.0 & TLS 1.1 cannot currently be configured but will have changes in the coming weeks, please see: TLS v1.0/v1.1 End Of Life Schedule
The default suite supports TLSv1.1 and TLSv1.2 (but not TLSv1.0). It provides good security and is compatible with a large range of browsers and clients.
For more details and instructions on changing the cipher suites view the Private Spaces documentation.
New private space apps default to having
spaces-tls-salesforce enabled, which requires TLS 1.2+.