tokio-rs / tls

A collection of Tokio based TLS libraries.

Home Page: https://tokio.rs


rustls: unable to do session resumption with api.devicecheck.apple.com

zh-jq opened this issue · comments

There are two streams in the following pcap file, the first to appleid.apple.com, the second to api.devicecheck.apple.com; both use the session_ticket extension.
out.pcap.gz

The second failed while the first succeeded. The main difference seems to be that, in stream one, packet 6 contains Server Hello + Change Cipher Spec + Encrypted Handshake Message, but in stream two, packet 23 only contains Server Hello + Change Cipher Spec; the missing Encrypted Handshake Message comes later in packet 27, which seems to be ignored by rustls, as it replies with an alert message and closes the connection before packet 27.

tokio-rustls version 0.23.2, rustls version 0.20.4

Could you capture these with a key log so that we might look inside the encrypted messages? In the ClientConfig you'll need to set the key_log to KeyLogFile, then set SSLKEYLOGFILE=<path> in the environment. In Wireshark you can set the key log file under the TLS protocol config tab as the "(Pre)-Master-Secret log filename".
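As an added example (not code from tokio-rs/tls or rustls), a stand-alone check of the key log produced by the setup above: it assumes the NSS key-log line format that `KeyLogFile` writes, constructs its own sample lines, and reports whether a given ClientHello random is covered before the capture is shared.

```rust
// Added example, not code from tokio-rs/tls or rustls: checks the NSS-format key log that
// rustls writes when `ClientConfig::key_log` is `KeyLogFile` and SSLKEYLOGFILE is set.
// Wireshark decrypts a stream only if its ClientHello random is logged, so check that first.
use std::collections::HashMap;

// NSS labels: TLS 1.2 logs CLIENT_RANDOM + 48-byte master secret; TLS 1.3 logs hash-length secrets.
const LABELS: &[&str] = &["CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"];

fn is_hex(s: &str, lens: &[usize]) -> bool {
    lens.contains(&s.len()) && s.bytes().all(|b| b.is_ascii_hexdigit())
}

/// Map each client random (lowercase hex) to its logged labels; malformed lines are
/// returned separately so a truncated or hand-edited file is noticed early.
pub fn parse_key_log(text: &str) -> (HashMap<String, Vec<String>>, Vec<String>) {
    let mut by_random: HashMap<String, Vec<String>> = HashMap::new();
    let mut bad = Vec::new();
    for line in text.lines().map(str::trim) {
        if line.is_empty() || line.starts_with('#') { continue; } // blank/comment lines are allowed
        let f: Vec<&str> = line.split_whitespace().collect();
        if f.len() != 3 || !LABELS.contains(&f[0]) || !is_hex(f[1], &[64]) || !is_hex(f[2], &[64, 96]) {
            bad.push(line.to_string()); continue;
        }
        by_random.entry(f[1].to_ascii_lowercase()).or_default().push(f[0].to_string());
    }
    (by_random, bad)
}

/// True when the log holds what Wireshark needs for this ClientHello random:
/// CLIENT_RANDOM for TLS 1.2, or both handshake traffic secrets for TLS 1.3.
pub fn can_decrypt(by_random: &HashMap<String, Vec<String>>, client_random_hex: &str) -> bool {
    let labels = match by_random.get(&client_random_hex.to_ascii_lowercase()) {
        Some(l) => l,
        None => return false,
    };
    let has = |l: &str| labels.iter().any(|x| x.as_str() == l);
    has("CLIENT_RANDOM") || (has("CLIENT_HANDSHAKE_TRAFFIC_SECRET") && has("SERVER_HANDSHAKE_TRAFFIC_SECRET"))
}

fn main() {
    // Constructed sample: one TLS 1.2 session, one TLS 1.3 session and a damaged line.
    let log = format!("CLIENT_RANDOM {} {}\nCLIENT_HANDSHAKE_TRAFFIC_SECRET {} {}\n\
        SERVER_HANDSHAKE_TRAFFIC_SECRET {} {}\nCLIENT_RANDOM truncated\n",
        "11".repeat(32), "ab".repeat(48), "22".repeat(32), "cd".repeat(32), "22".repeat(32), "ef".repeat(32));
    let (by_random, bad) = parse_key_log(&log);
    println!("sessions: {}, malformed: {}, 33..33 decryptable: {}", by_random.len(), bad.len(),
        can_decrypt(&by_random, &"33".repeat(32)));
}
```

Point it at the file named in SSLKEYLOGFILE and look up the ClientHello random of the failing stream from Wireshark; a random that is absent or only partially covered means the capture cannot be decrypted yet.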

> Could you capture these with a key log so that we might look inside the encrypted messages?

It may be impossible as I'm not able to test it locally.

The error returned by rustls is CorruptMessagePayload(Handshake), which seems to be unrelated to keys.

Ah, you should file this against rustls instead of tokio-rs/tls, please. You might want to try rustls main, which has this change:

rustls/rustls#1016

When you file against rustls, maybe ping the author of that PR to see if they ran into a similar issue.