diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 53b91ddb94..c9a853193f 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -4,6 +4,7 @@ comment "Build Options"
 
 config OPENSSL_OPTIMIZE_SPEED
 	bool
+	default y if x86_64 || i386
 	prompt "Enable optimization for speed instead of size"
 	select OPENSSL_WITH_ASM
 	help
@@ -15,7 +16,7 @@ config OPENSSL_OPTIMIZE_SPEED
 
 config OPENSSL_WITH_ASM
 	bool
-	default y
+	default y if !SMALL_FLASH || !arm
 	prompt "Compile with optimized assembly code"
 	depends on !arc
 	help
@@ -63,6 +64,7 @@ config OPENSSL_NO_DEPRECATED
 
 config OPENSSL_WITH_ERROR_MESSAGES
 	bool
+	default y if !SMALL_FLASH && !LOW_MEMORY_FOOTPRINT
 	prompt "Include error messages"
 	help
 		This option aids debugging, but increases package size and
@@ -147,6 +149,18 @@ config OPENSSL_WITH_CHACHA_POLY1305
 		It is 3x faster than AES, when not using a CPU with AES-specific
 		instructions, as is the case of most embedded devices.
 
+config OPENSSL_PREFER_CHACHA_OVER_GCM
+	bool
+	default y if !x86_64 && !aarch64
+	prompt "Prefer ChaCha20-Poly1305 over AES-GCM by default"
+	depends on OPENSSL_WITH_CHACHA_POLY1305
+	help
+		The default openssl preference is for AES-GCM before ChaCha, but
+		that takes into account AES-NI capable chips.  It is not the
+		case with most embedded chips, so it may be better to invert
+		that preference.  This is just for the default case. The
+		application can always override this.
+
 config OPENSSL_WITH_PSK
 	bool
 	default y
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 27746c15c6..68cd8fde6b 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -35,6 +35,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_OPENSSL_ENGINE_CRYPTO \
 	CONFIG_OPENSSL_NO_DEPRECATED \
 	CONFIG_OPENSSL_OPTIMIZE_SPEED \
+	CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
 	CONFIG_OPENSSL_WITH_ARIA \
 	CONFIG_OPENSSL_WITH_ASM \
 	CONFIG_OPENSSL_WITH_ASYNC \
@@ -153,6 +154,10 @@ endif
 
 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
   OPENSSL_OPTIONS += no-chacha no-poly1305
+else
+  ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
+    OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
+  endif
 endif
 
 ifndef CONFIG_OPENSSL_WITH_ASYNC
diff --git a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
new file mode 100644
index 0000000000..9cbe221388
--- /dev/null
+++ b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
@@ -0,0 +1,78 @@
+From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:44:39 -0300
+Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
+
+This enables a compile-time option to prefer ChaCha20-Poly1305 over
+AES-GCM in the openssl default ciphersuite, which is useful in systems
+without AES specific CPU instructions.
+OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it.
+
+Note that this does not have the same effect as the
+SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only
+when the client has it on top of its ciphersuite preference.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/include/openssl/ssl.h
++++ b/include/openssl/ssl.h
+@@ -173,9 +173,15 @@ extern "C" {
+ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+-#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+-                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+-                                   "TLS_AES_128_GCM_SHA256"
++#  ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
++#   define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
++                                    "TLS_AES_256_GCM_SHA384:" \
++                                    "TLS_AES_128_GCM_SHA256"
++#  else
++#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
++                                    "TLS_CHACHA20_POLY1305_SHA256:" \
++                                    "TLS_AES_128_GCM_SHA256"
++#  endif
+ # else
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                    "TLS_AES_128_GCM_SHA256"
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1464,11 +1464,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+     ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                           &tail);
+ 
++    /*
++     * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305
++     * will be placed before AES-256.  Otherwise, the default behavior of
++     * preferring GCM over CHACHA is used.
++     * This is useful for systems that do not have AES-specific CPU
++     * instructions, where ChaCha20-Poly1305 is 3 times faster than AES.
++     * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA
++     * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top
++     * of its ciphersuite preference.
++     */
++
++#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
++    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
++                          &head, &tail);
++    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
++                          &head, &tail);
++#else
+     /* Within each strength group, we prefer GCM over CHACHA... */
+     ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
+     ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
++#endif
+ 
+     /*
+      * ...and generally, our preferred cipher is AES.
+@@ -1524,7 +1542,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+      * Within each group, ciphers remain sorted by strength and previous
+      * preference, i.e.,
+      * 1) ECDHE > DHE
+-     * 2) GCM > CHACHA
++     * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined
+      * 3) AES > rest
+      * 4) TLS 1.2 > legacy
+      *