cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)

Home Page: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide

🐛Tunnel with mTLS - using Chrome (Mobile/ Ubuntu) doesn't work

spinnaker1 opened this issue · comments

Describe the bug
Using a cloudflared tunnel that requires a valid certificate (mTLS): since about 2 weeks ago, Chrome v116.0.5845.187 (Ubuntu) has suddenly stopped working with certain ISP DNS servers.

If I use the ISP's (T-Mobile) DNS servers, the mTLS feature doesn't work. If I use AdGuard private DNS, it works without problems.

How the error looks:
Either the choose-certificate popup dialogue doesn't open, or it opens but Cloudflare refuses the connection with a 403 Forbidden error (the default Cloudflare error page).
The same error occurs in private mode, on a fresh installation, with no browser extensions. Using Firefox (Ubuntu) it works without problems, regardless of the DNS server used.

To Reproduce
Steps to reproduce the behavior:

  1. Configure a cloudflared tunnel that requires a valid mTLS certificate to connect
  2. Use Chrome (Ubuntu) or Chrome (Android) to open the website.
  3. See error

If it's an issue with Cloudflare Tunnel:
  4. Tunnel ID: tba
  5. cloudflared config: tba

Expected behavior
Open the choose-certificate dialogue popup in Chrome and connect to the website, like it used to work about 2 weeks ago.

Environment and versions

  • OS: Ubuntu Mate 22.04 LTS / Android 13
  • Architecture: Server ARM64 (not SoC Raspberry)
  • Version: latest

Logs and errors
No error in logs

Additional context
It used to work without any issues for months, until 2 weeks ago, but then suddenly stopped working. Only the Chrome browser is affected.

I found the issue and a solution. What's causing it is a default setting in Chrome:

Use DNS https alpn
When enabled, Chrome may try QUIC on the first connection using the ALPN information in the DNS HTTPS record. – Mac, Windows, Linux, ChromeOS, Android

chrome://flags/#use-dns-https-svcb-alpn
--> Set it to Disabled to fix the Cloudflare Tunnel mTLS issue.
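The flag described above only matters when the hostname's DNS HTTPS record actually advertises h3 (QUIC) in its ALPN list, so a useful first check on the server side is to look at that record. As an added example (not part of this issue or of the cloudflared project), the POSIX shell helper below extracts the ALPN list from an HTTPS record in the presentation format that `dig HTTPS <name>` prints and reports whether h3 is advertised. The hostname in the usage comment is a placeholder and the sample record is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the cloudflared issue or project.
# Extract the ALPN list from DNS HTTPS record(s) in dig's presentation format.
# Live usage (placeholder hostname):
#   dig +short HTTPS tunnel.example.com | https_record_alpn
https_record_alpn() {
  # Reads record lines on stdin, e.g.  1 . alpn="h3,h2" ipv4hint=192.0.2.1
  # and prints only the quoted ALPN value (h3,h2). Lines without an alpn
  # parameter produce no output.
  sed -n 's/.*alpn="\([^"]*\)".*/\1/p'
}

# Exit status 0 when the record advertises h3, i.e. the condition under which
# Chrome's "Use DNS https alpn" setting may try QUIC on the first connection.
advertises_h3() {
  https_record_alpn | tr ',' '\n' | grep -qx 'h3'
}

# Constructed sample record (documentation IP ranges, not a real deployment).
SAMPLE_RECORD='1 . alpn="h3,h2" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1'

if printf '%s\n' "$SAMPLE_RECORD" | advertises_h3; then
  echo "HTTPS record advertises h3: Chrome may attempt QUIC on the first connection"
else
  echo "No h3 in ALPN: Chrome will not attempt QUIC based on the HTTPS record"
fi
```

If the record for your tunnel hostname shows h3, the symptom reported here (no certificate prompt, or a 403 after choosing one) lines up with Chrome choosing QUIC on the first connection; that tells you which Chrome clients to test with the flag disabled, and which resolvers (those that return the HTTPS record) will trigger it.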