"The end result is that Chrome talking to Google uses AES-GCM if there's hardware support at the client and ChaCha20-Poly1305 otherwise."

It seems to be specific to Chrome though, and all TLS clients would have to reimplement that choice. Would be good if there was a way to tell the SSL library to give you the best cipher that works on your hardware (i.e. don't give AES-GCM/AES-CBC when there is no hardware support and the software implementation isn't constant time).