Problem connection TLS incoming DNS

[gianfelicevincenzo]

dnsdist 1.9.8
Openwrt 21.02

config:

local dohACL = { "0.0.0.0/0" }
newServer({address="127.0.0.1:53"})
addDOH1Local("0.0.0.0:4433", "/myssl/myrouter-signed.pem", "/myssl/myrouter.key", '/dns')
setACL(dohACL)
setVerboseHealthChecks(true)

error:
Exception when processing IO for incoming DoH connection from 100.108.201.50:40866: Error while processing TLS connection: (1) 547681208536:error:14094416:lib(20):func(148):reason(1046):ssl/record/rec_layer_s3.c:1543:SSL alert number 46

and with openssl s_client -connect

---
read R BLOCK
HTTP/1.1 400 Bad Request
Connection: Close

<html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>
closed

[Habbie]

alert number 46

"Certificate Unknown" - sounds like the client you're testing with does not like your certificate?

this server implements RFC 8484

you need to use a client that supports HTTP/2

[gianfelicevincenzo]

I have self-signed certificates with a CA installed on every device I own (except openwrt where dnsdist actually runs). In an old version of dnsdist it worked perfectly, after upgrading to 1.9.8 it stopped working. Is there a setting to tell dnsdist to ignore the self-signed certificate?

you need to use a client that supports HTTP/2

@Habbie I am using the "secure DNS" option in Google Chrome and Firefox for testing.