Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

There's a UseHttps overload that allows you to provide a HttpsConnectionAdapterOptions instance to configure this. Here's an example of what this might look like in your case:

listenOptions.UseHttps(new HttpsConnectionAdapterOptions
{
    ...
    SslProtocols = SslProtocols.Tls12
});

For reference, SslProtocols defaults to SslProtocols.Tls12 | SslProtocols.Tls11.

.net core 2.1 Kestrel config:

.UseKestrel(c =>
            {
                c.ConfigureHttpsDefaults(opt =>
                {
                    opt.SslProtocols = SslProtocols.Tls12;
                });
            })