Heroku offers several different ways to terminate TLS/SSL. Whether you can disable TLS 1.0 and/or 1.1 depends on which TLS termination method is configured for your app.
TLS v1.0 and TLS v1.1 are no longer supported on the Heroku Common Runtime
Automated Certificate Management / Free Heroku SSL (SNI)
The default suite supports TLSv1.1 and TLSv1.2 (but not TLSv1.0). It provides good security and is compatible with a large range of browsers and clients.
For more details and instructions on changing the cipher suites view the Private Spaces documentation.
New private space apps default to having
spaces-tls-salesforce enabled, which requires TLS 1.2+.