For customers at a paid level of service
Cloudflare's server configuration for TLS cipher suites is set in nginx (which we use extensively) with the following configuration command:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
For customers at the free level of service
Free sites using Universal SSL are issued SHA2+ECDSA certificates, which require clients that support elliptic curve cryptography (ECC) and SNI.