I'm looking for a solution to connect to a server using TLS 1.3 and an external PSK. Does stunnel support this?

I see that there are configuration options to set TLS 1.3, and configuration options to specify a PSK; if those were used together, would that result in TLS 1.3 with the PSK?

If so, how would I choose between ephemeral vs non-ephemeral DH? This doesn't seem to be an option. Ephemeral is an important choice for forward secrecy. Would it default to ephemeral?

Thank you.