QUIC should support the same certificates that SslStream+Kestrel does. For example, a server hosting a website using an untrusted, self-signed certificate.

The server certificate is specified using SslServerAuthenticationOptions

I believe today that QUIC will fail when using an untrusted certificate. In this situation, the error reported by QUIC is not helpful about what the problem is. I don't have it on hand, but it was something like "Error: invalid state".

• Test System.Net.Quic server with invalid certificates
  • Self-signed
  • Outdated algorithms
  • Host name mismatch
• Where possible, match SslStream behavior
• If an unusable certificate is configured, provide a clear error with enough information to help the dev fix the problem