-doh and -dot mode now use uTLS to camouflage their TLS Client Hello fingerprint. The fingerprint to use is chosen randomly from a weighted distribution. You can control this distribution using the new -utls option. Use -utls none to disable uTLS if you encounter TLS errors with your chosen server.
This change means that it is no longer possible to use a proxy in -doh mode by setting the HTTP_PROXY or HTTPS_PROXY environment variables; this was an undocumented side effect of using the Go net/http package with no TLS camouflage.