Add support for TLS 1.3 External Pre-Shared Keys (PSK) #5161
Description
Describe the feature you'd like supported
Add Support for TLS 1.3 External Pre-Shared Keys (PSK). Provide an interface to configure and negotiate a QUIC connection with an external (out-of-band) PSK as defined in "The Transport Layer Security (TLS) Protocol Version 1.3" [RFC 8446] (https://datatracker.ietf.org/doc/html/rfc8446). The implementation should support both PSK-only (psk_ke) and PSK with (EC)DHE key establishment (psk_dhe_ke) exchange modes.
Proposed solution
Supporting TLS 1.3 external PSKs allows out-of-band authentication of QUIC. A long list of uses cases can be found in section 5.1 of "Guidance for External Pre-Shared Key (PSK) Usage in TLS" [RFC 9257] (https://www.rfc-editor.org/rfc/rfc9257.html#name-use-cases) including
Ex 1. Device-to-device communication with out-of-band synchronized keys. PSKs provisioned out of band for communicating with known identities, wherein the identity to use is discovered via a different online protocol.
Ex. 2. Certificateless server-to-server communication. Machine-to-machine communication may use externally provisioned PSKs; this is primarily for the purposes of establishing TLS connections without requiring the overhead of provisioning and managing PKI certificates
Additional context
No response