diff --git a/tlsconfig/config.go b/tlsconfig/config.go
index 8b0264f6..7b788c8c 100644
--- a/tlsconfig/config.go
+++ b/tlsconfig/config.go
@@ -47,6 +47,8 @@ var defaultCipherSuites = []uint16{
 	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 }
 
 // ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.