This patch implements BoringSSL's equal-preference groups of cipher suites in OpenSSL 1.1. Why? One of the best parts of BoringSSL + Nginx in contrast to OpenSSL 1.1 + Nginx is equal-preference groups of cipher suites (If you ask me). As upstream OpenSSL 1.1 won't support equal-preference groups of cipher suites. BoringSSL not interesting to use? Not that really as BoringSSL is not supporting: Online Certificate Status Protocol (OCSP) on the server side (i.e. Nginx). Also developers do not recommend it: Whats about Cloudflare's patch? Cloudflare's (current opensource) OpenSSL 1.0.2 + OpenSSL 1.1 patch is, in fact a hack. It hacks the OpenSSL code to ensure it (ChaCha) is only taken if it is the client's top cipher choice. As shown to the latest Cloudlare, Nginx configuration file on GitHub. Cloudflare recently switched to a similar type, decent 'non hack' solution of equal-preference groups solution. But their patch is not (yet) released (Opensourced). Therefore my patch, and of course, Im using it myself for a while now. Howto Patch the OpenSSL 1.1f code with this patch before you are compiling Nginx with OpenSSL 1.1f. Change your Nginx ssl_ciphers parameter to Cloudflare's latest config. Done. As I am using other sources then my own i.e. Google BoringSSL's opensource-source, please note that all glory and fame goes to them. Not to the undersigned (me). The purpose of this project is to implement and use the feature equal-preference groups of cipher suites in Nginx with the latest OpenSSL 1.1. stable. Initially for own use. Nothing less, noting more.