1. key exchange:
PSK - for embedded only
RSA - obsolete because it doesn't provide PFS
DHE - secure only if 2048 bits and up
ECDHE - usually using P-256, secure
ECDHE with Curve25519, called "X25519" - secure
CECPQ1 - Google experiment in post quantum crypto
2. authentication:
PSK - for embedded only
RSA encryption/decryption - obsolete because it doesn't provide PFS
RSA signing and verification - secure if keys are 2048 bits and up
ECDSA signing and verification - usually over P-256, secure
EdDSA signing and verification - draft standard, uses Curve25519 and Curve448, secure
3. cipher (for confidentiality):
RC4 - disallowed
3DES - obsolete because of sweet32
AES-128 - good, requires AES hardware to be both fast and secure
AES-256 - same as AES-128 but is required for post-quantum and against parallel attacks on many keys
CHACHA20 - good, is fast on generic hardware
4. MAC (to protect against tampering which usually breaks confidentiality):
HMAC-MD5 - obsolete
HMAC-SHA1 - ok
HMAC-SHA256 and HMAC-SHA384 - no more secure than SHA1 for this use case
GCM - faster than HMAC, requires CLMUL CPU instruction to be fast
POLY-1305 - fast and secure on generic hardware
5. KDF used to generate symmetric keys:
MD5+SHA1 - obsolete, probably ok
HMAC-SHA1 - ok
HMAC-SHA256 and HMAC-SHA384 - no more secure than SHA1 for this use case
Originally 5 was the same as 4 and was not specified separately. Also, many details omitted.
But anyway, chacha20-poly1305 is actually one of these [1]:
But anyway, chacha20-poly1305 is actually one of these [1]:
and you use only the first two from the list. The "ECDHE" part can be regular ECDHE with P-256 or X25519.1 - https://tools.ietf.org/html/rfc7905#section-2