We use very light weight libraries - https://openziti.io/docs/learn/core-concepts/security/connec... - incl. mbedTLS (from Arm) and ChaCha20-Poly1305 (same as Wireguard) by default. We have tons of use cases in constrained environments, both CPU and the network transport. This includes embedding our SW on military drones, into industrial FWs, and more.
How does this choice affect performance and CPU utilization? Wireguard is known for providing good network performance with low resources.