algesten
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 113 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 113 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 9 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 3 additions & 2 deletions b/‎README.md‎
Lines changed: 3 additions & 2 deletions
@@ -1,5 +1,6 @@
 # Unreleased
 
+  * DTLS1.3 chacha20poly1305 and x25519 support #64
   * Fix panic in auto DTLS version selection #65
   * Add `Error::HandshakePending` for auto-sense pending state (breaking) #65
   * DTLS 1.2 ECDSA determine curve from certificate, not hash algorithm #57
 
@@ -20,7 +20,12 @@ default = ["aws-lc-rs", "rcgen"]
 aws-lc-rs = ["dep:aws-lc-rs", "_crypto-common"]
 
 # Pure Rust crypto provider
-rust-crypto = ["dep:aes-gcm", "dep:p256", "dep:p384", "dep:sha2", "dep:hmac", "dep:hkdf", "dep:ecdsa", "dep:generic-array", "dep:rand_core", "_crypto-common"]
+rust-crypto = [
+            "dep:aes-gcm", "dep:chacha20poly1305", "dep:chacha20", "dep:p256",
+            "dep:p384", "dep:x25519-dalek", "dep:sha2", "dep:hmac", "dep:hkdf",
+            "dep:ecdsa", "dep:generic-array", "dep:rand_core",
+            "_crypto-common"
+]
 
 # Internal for all cryptos
 _crypto-common = ["dep:der", "dep:pkcs8", "dep:sec1", "dep:signature", "dep:spki", "dep:x509-cert"]
@@ -61,6 +66,9 @@ hkdf = { version = "0.12", optional = true }
 ecdsa = { version = "0.16", optional = true, features = ["signing", "verifying"] }
 generic-array = { version = "0.14", optional = true }
 rand_core = { version = "0.6", optional = true }
+chacha20poly1305 = { version = "0.10", optional = true }
+chacha20 = { version = "0.9", optional = true }
+x25519-dalek = { version = "2", optional = true, features = ["static_secrets"] }
 
 # certificate generation
 rcgen = { version = "0.14.5", default-features = false, features = ["aws_lc_rs"], optional = true }
 
@@ -36,8 +36,9 @@ Three constructors control which DTLS version is used:
 - **Cipher suites (TLS 1.3 over DTLS)**
   - `TLS_AES_128_GCM_SHA256`
   - `TLS_AES_256_GCM_SHA384`
-- **AEAD**: AES‑GCM 128/256 only (no CBC/EtM modes).
-- **Key exchange**: ECDHE (P‑256/P‑384)
+  - `TLS_CHACHA20_POLY1305_SHA256`
+- **AEAD**: AES‑GCM 128/256, ChaCha20‑Poly1305 (no CBC/EtM modes).
+- **Key exchange**: ECDHE (P‑256/P‑384), X25519
 - **Signatures**: ECDSA P‑256/SHA‑256, ECDSA P‑384/SHA‑384
 - **DTLS‑SRTP**: Exports keying material for `SRTP_AEAD_AES_256_GCM`,
   `SRTP_AEAD_AES_128_GCM`, and `SRTP_AES128_CM_SHA1_80` ([RFC 5764], [RFC 7714]).