Thanks, I'll read up on your discussion there. My original use for this is to share the same certificate and key on a process that has both a TLS and DTLS connection. I went with just making the DTLS derive a PSK from the keying material of the TLS.