Forum Discussion
How to always use POST to request sensitive information from server
Do you suggest we restrict TLS negotiation to a high value, say v1.2?
Only if you want it available to a subset of customers that can handle TLS 1.2 - not all browsers in every OS can. From a security perspective, the data you would normally have in a GET query string would be in the POST's payload. It's still in the packet, albeit perhaps wouldn't get logged by the web server. I guess it depends on what you're trying to protect against, but you can either apply a high TLS version requirement and make the site inaccessible to some customers, or use a really good web app firewall.