Pantheon.io covered it in detail, including the difference between Full SSL and "Flexible" SSL in CloudFlare's settings.
Here is a basic set of CloudFlare page rules to redirect HTTP to HTTPS and redirect www to the naked domain.
301 or 302 Redirect?
HTTP code 301 is a permanent redirect, HTTP code 302 is a temporary redirect. Be aware that a permanent redirect gets cached forever in most modern browsers. There is basically no going back from it unless the client clears its cache.
The "Always use HTTPS" rule is a 301 permanent redirect. It should be alright since everything ought to be HTTPS in the future.
Beware of redirecting from one domain to another with 301 permanent redirect. The redirected domain might become unusable if many browsers have cached its redirect.