[dxld]

I was looking into this some years back when I was considering building a high-availability IRC bouncer that can pass the TLS IRC connections around with this.

There isn't anything out of the box that I could find, but there was some discussion/prototyping around adding an API for exporting all the necessary key material and metadata to the mbedtls API. With that it would have been "relatively" "easy" to do the TLS bits :)

See https://github.com/Mbed-TLS/mbedtls/issues/3141 and linked ML posts.