If you can, install curl-openssl, instead of curl-mbedtls.
How do I do that?
I only know, how to do it in custom compiled image. In case, no package available, bad luck.
Yes, what I know there is a fix but not yet ported.
Looks like I have the winning ticket for your issue:
root@OpenWrt:/tmp# ps | grep clean
4577 nobody 3912 S /usr/sbin/https-dns-proxy -r https://doh.cleanbrowsing.org/doh/security-filter/ -p 5053 -b 85.228.168.9,185.228.169.9 -4 -u nobody -g nogroup -l /
root@OpenWrt:/tmp# https-dns-proxy -V
2026.03.18-r1
Using: ev/4.33 c-ares/1.34.6 libcurl/8.19.0 mbedTLS/3.6.5 nghttp2/1.66.0
Features: HTTP2 HTTPS-proxy IPv6
I am running 25.12.2 release version. Therefore mbedTLS/3.6.5.
BUT I have manually fiddled
https-dns-proxy -V
2026.03.18-r1
into my system, from SNAPSHOT.
And that works, too. So, you will need to wait for a patch in SNAPSHOT, unless willing to build from src. Good excercise 
OR there might be a backport of the proxy to release. Easy, peasy.
Maby I should dowgrade to 25.12.2 but then I want to know if mbedTLS/3.6.5 is actuell in that.
Can someone confirm before I a downgrade?!
Probably no need. Just few hours ago, new commit to patch mbedtls
Update packages and give it a try.
I just checked with owut but isn't out yet. Probably released soon.
I use four different DNS servers and everything works has for a very long time
I use luci-app-https-dns-proxy and everything is fine.
Why am I saying this? Because you haven't yet figured out how this program works. For example, the server with the lowest ping responds first.
F.Y.I
I have https-dns-crypt working have added one more dns-instance (ControlD (Ads + Malware Filter) and after that all 4 four working. Must be some rules get executed.
Only curl error 35 but waiting fix to arrived in update.