[QUIC] Use server TLS options in QUIC

[scalablecory]

We need to support multiple ALPN protocols, certificates, and SNI callbacks in QuicListener:

runtime/src/libraries/System.Net.Quic/src/System/Net/Quic/Implementations/MsQuic/Internal/MsQuicSession.cs

Lines 48 to 56 in 5c6f5b1

	// TODO allow for a callback to select the certificate (SNI).
	public IntPtr ListenerOpen(QuicListenerOptions options)
	{
	if (!_opened)
	{
	OpenSession(options.ServerAuthenticationOptions.ApplicationProtocols[0].Protocol.ToArray(),
	(ushort)options.MaxBidirectionalStreams,
	(ushort)options.MaxUnidirectionalStreams);
	}

[scalablecory]

@jkotalik moving to 6.0 -- did you find a way to use a server cert with Kestrel?

[ManickaP]

Triage: we're missing features in msquic to fully support that. We do have some support.

[karelz]

Triage: We need to make it more specific - list the ones we do not have & find out if we need msquic changes / features.
Making it high-pri until we know we have everything we need in msquic to build on.

[ManickaP]

SslServerOptions properties we do not touch (not sure if they all make sense in QUIC context):

• AllowRenegotiation
• CipherSuitesPolicy PNSE
• EnabledSslProtocols.NoEncryption PNSE (should this rather be != RequireEncryption)

cc @wfurt could you help identify if anything from the three we should support and if not, we might add some more PNSE and close this.

[wfurt]

We should do CipherSuitesPolicy at some point. MsQuic has support now but at this point the list has only 3 items AFAIK.

[ManickaP]

CipherSuitePolicy covered in #55378

[wfurt]

Looks complete to me.
CertificateRevocationCheckMode is covered indirectly.
For the NoEncryption: for SslStream we accept AllowNoEncryption even on systems that do not support NULL encryption. It will just never happen. We can be more strict for QUIC if we want to.

I would be in favor of closing this and keeping specific issues instead.

[ManickaP]

I'll close this for now, since we have an issue for the policy.