diff --git a/tls.go b/tls.go
index aecb5a0..887c59b 100644
--- a/tls.go
+++ b/tls.go
@@ -36,6 +36,7 @@ import (
 	"time"
 
 	"github.com/pires/go-proxyproto"
+	"golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/hkdf"
 )
@@ -189,11 +190,17 @@ func Server(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
 				if _, err = hkdf.New(sha256.New, hs.c.AuthKey, hs.clientHello.random[:20], []byte("REALITY")).Read(hs.c.AuthKey); err != nil {
 					break
 				}
+				var aead cipher.AEAD
+				if aesgcmPreferred(hs.clientHello.cipherSuites) {
+					block, _ := aes.NewCipher(hs.c.AuthKey)
+					aead, _ = cipher.NewGCM(block)
+				} else {
+					aead, _ = chacha20poly1305.New(hs.c.AuthKey)
+				}
 				if config.Show {
-					fmt.Printf("REALITY remoteAddr: %v\ths.c.AuthKey[:16]: %v\n", remoteAddr, hs.c.AuthKey[:16])
+					fmt.Printf("REALITY remoteAddr: %v\ths.c.AuthKey[:16]: %v\t AEAD: %T\n", remoteAddr, hs.c.AuthKey[:16], aead)
 				}
-				block, _ := aes.NewCipher(hs.c.AuthKey)
-				aead, _ := cipher.NewGCM(block)
+
 				ciphertext := make([]byte, 32)
 				plainText := make([]byte, 32)
 				copy(ciphertext, hs.clientHello.sessionId)