For customers at a paid level of service
Cloudflare's server configuration for TLS cipher suites is set in nginx (which we use extensively) with the following configuration command:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
For customers at the free level of service
Sites using UniversalSSL are issued SHA2+ECDSA certificates, which require clients that support TLSv1.2 and SNI.