Heroku offers several different ways to terminate TLS/SSL. Whether you can disable TLS 1.0 and/or 1.1 depends on which TLS termination method is configured for your app.
Automated Certificate Management / Free Heroku SSL (SNI)
For applications using Automated Certificate Management or the free Heroku SSL (SNI) TLS 1.0 & TLS 1.1 cannot currently be configured but will have changes in the coming weeks, please see: TLS v1.0/v1.1 End Of Life Schedule
The default suite supports TLSv1.1 and TLSv1.2 (but not TLSv1.0). It provides good security and is compatible with a large range of browsers and clients.
For more details and instructions on changing the cipher suites view the Private Spaces documentation.
Legacy Common Runtime
SSL Endpoint Add-on
However, if your application already has the SSL Endpoint add-on provisioned we can disable any protocols you want on a per add-on basis. Some older browsers would no longer be able to connect to your app, so we'd ask you to perform your own investigation into whether this would impact your site's visitors before making this request.
If you'd like to proceed, you can open a ticket to request disabling TLS 1.0/1.1 for your app that's using the SSL Endpoint Add-on.
Please Note: Before opening a ticket please ensure you have the SSL endpoint add-on provisioned on your app and an SSL certificate uploaded to it. Please provide the
Name of the SSL endpoint, shown when running
heroku certs --app app-name and if you require just TLS 1.0 or both TLS 1.0 & TLS 1.1 disabled.