I think your program lacks diagnostics capabilities.
verbose mode

if something goes wrong its hard to understand what’s happening
For example, if client cannot go beyond handshake phase it doesnt output anything

Also it would be good to have remote tls cert ignore option
to connect directly to https://ip_address not showing actual domain in the SNI

Thanks for the suggestions.

For SNI removal, you can try this patch. It will only work with the uTLS modes. It would take additional effort to make it work with -utls None (for example).

diff --git a/dnstt-client/utls.go b/dnstt-client/utls.go
index 7a6af56..4f60844 100644
--- a/dnstt-client/utls.go
+++ b/dnstt-client/utls.go
@@ -71,6 +71,11 @@ func utlsDialContext(ctx context.Context, network, addr string, config *utls.Con
 		return nil, err
 	uconn := utls.UClient(conn, config, *id)
+	err = uconn.RemoveSNIExtension()
+	if err != nil {
+		uconn.Close()
+		return nil, err
+	}
 	// Manually remove the SNI if it contains an IP address.
 	// https://github.com/refraction-networking/utls/issues/96
 	if net.ParseIP(config.ServerName) != nil {