BoringSSL is a Google fork of OpenSSL. It includes various interesting patches, including an implementation of the ChaCha20 cipher. In addition, BoringSSL allows you to group cipher suites of equal preference:
In this article I show you how you can tweak your nginx configuration to take advantage of this feature.
Update: Meanwhile you could also switch to the BoringSSL fork.
D. J. Bernstein’s ChaCha20-Poly1305 has not been merged into the OpenSSL master branch yet (ETA, anyone?). If you are curious to test it with nginx or any other application relying on the OpenSSL libraries with support for TLS 1.2, you can check it out via the 1.0.2-aead branch:
$ git clone https://github.com/openssl/openssl.git
$ cd openssl
$ git checkout 1.0.2-aead
Then follow the usual instruction from the INSTALL file on how to compile OpenSSL.