OpenSSL 1.1.1dev has official support for ChaCha cipher priority, since a few days or so. With this ported patch. OpenSSL 1.1.0 will do the same. ChaCha20+Poly1305 will be used if it is the client's most preferred cipher and if its is used as ssl_ciphers in Nginx (position does not matter). OpenSSL 1.1.0G - Use ChaCha only if it is prioritized by the client - with fix. OpenSSL 1.1.0G - Use ChaCha only if it is prioritized by the client - vanilla. Nginx test ssl_ciphers: ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+CHACHA20:!MD5; Before: After: Upstream test suite plus documentation code does not form part of this patch. The test suite won't work anyway as OpenSSL is compiled with Nginx and not compiled c.q. installed as stand alone. Therefore the documentation and ChaCha cipher priority test suite is not included. Most Android devices are using Chacha draft (better known as Old_Chacha). Chacha draft was removed from the final OpenSSL 1.1 release. OpenSSL 1.1 only supports the final Chacha standard. Please note that Nginx does not support SSL_OP_PRIORITIZE_CHACHA yet but only SSL_OP_CIPHER_SERVER_PREFERENCE. Therefore as attachment a second patch with the original sourcecode plus fix to select ChaCha if the client has ChaCha first, and Nginx server cipher priority is used. I am not active in software development, this is pure mathematics and algorithmics. Thereby this contribution is purely out of interest. Nothing more or less than that I have had fun.