So in rust mutable references are exclusive.

Because accepting a connection takes a &mut config, that means you can't quiche::accept in multiple threads without mutexing your config.

There's the obvious question of "wait why does the config need to be mutated? Config is generally understood to be a read only abstract concept."

I looked at the source code reveals the answer:

    fn new(
        scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
        peer: SocketAddr, config: &mut Config, is_server: bool,
    ) -> Result<Connection<F>> {
        let tls = config.tls_ctx.new_handshake()?;
        Connection::with_tls(scid, odcid, local, peer, config, tls, is_server)
    }

    fn with_tls(
        scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
        peer: SocketAddr, config: &Config, tls: tls::Handshake, is_server: bool,
    ) -> Result<Connection<F>> {

The with_tls function takes a &Config not a &mut Config. We can see where Config is required to be mutated, it is exclusively the tls_ctx portion.

Please please separate out the config, from the tls context RNG. Those are two completely separate things. Then for concurrency the tls context can be cloned or mutexed or whatever you want, without poisoning the entire config.