However, a TLS implementation could perform some of its processing
asynchronously. In particular, the process of validating a
certificate can take some time. While waiting for TLS processing to
complete, an endpoint SHOULD buffer received packets if they might be
processed using keys that aren't yet available. These packets can be
processed once keys are provided by TLS.
https://tools.ietf.org/html/draft-ietf-quic-tls-32#section-4.1.4