[theandrewbailey]

Last weekend, I added Bouncy Castle as the security provider in my dev environment, but my server did not show ChaCha20 in the list of available TLS ciphers. I was not convinced that my server was even using BC. Knowing that if you don't know what you're doing and mess around with crypto too much that you can get burned, I gave up. ECDHE RSA AES GCM for now.

[samch]

I think I see where you're coming on that. For most of my applications, I terminate TLS connections with nginx. I do use ChaCha for high-speed encryption in other areas, though. The BC libraries have always worked great for me.