We may have a bug in crypto/tls that would be triggered by ECH rejection when the server supports PSK. The bug would cause the handshake to fail. I will investigate soon, unless someone gets there first. The temporary fix should be as simple as disabling ECH+PSK. It's likely that the spec will be changed in a way that allows us to properly patch this problem without a major refactor. See tlswg/draft-ietf-tls-esni#399.