It is fairly straightforward to compile nginx against the latest ssl tarball, rather than the extreme option of distro upgrade (which as pointed out is no good for Centos / RHEL) for the cipher support.
Actually this is speaking to two different issues.
Nginx is indeed one of the easiest programs to compile, very light and fast to build.
Building the newest openssl from scratch for centos into an rpm is quite a workout. I had to read two guides and still had to play with it a bit to get everything just right. Oh and pro-tip from a big "duh" moment - don't try to remove old openssl on a SSH connection. It doesn't just run from memory, when it goes away, so does your connection to the server.
