what browsers and browser versions are your customers with issues on ? Could be TLS 1.3 draft vs RFC version difference issue with what is supported by web browser and Cloudflare differing.
Chrome 69 supports TLS 1.3 draft 28 while Chrome 70 release in ~5 days supports TLS 1.3 rfc final. Though Cloudflare’s TLS 1.3 should support TLS 1.3 draft 23, draft 28 and rfc final so shouldn’t matter. Though I have seen some reports of ERR_SSL_VERSION_INTERFERENCE for some of my users of my Centmin mod LEMP stack which uses Nginx/OpenSSL 1.1.1 with TLS 1.3 rfc final too with Chrome. They disabeld TLS 1.3 on web server and that fixed it. So probably same for Cloudflare TLS 1.3 disable in crypto section of your dashboard.
Also check if those visitors are using anti-virus/malware protection software i.e. Avast on their local computers as some have man in the middle (MITM) scanners which may not support the same TLS 1.3 draft/rfc final version that Cloudflare is advertising. So those visitors need to either update their anti-virus software or disable the scanners setting for scanning HTTPS in their software or disable Cloudflare TLS 1.3 for now
After some digging around on old posts I found out that turning off scanning encrypted connections from Settings- additional - network - do not scan… works.
Most of the times ssl version error occurs due to some wrong or altered browser settings, so you must crosscheck following browser settings before making any changes in the site configuration
Reverse all recent proxy changes of your browser
Disable TLS 1.3 from chrome flag settings
Uncheck Automatic Detect option from Internet Options < Internet Properties < LAN Settings < Connection
one of the above setting might fix ssl version error on your site. You can refer to fix ssl error in chrome for step by step instructions on fixing this error on your site.