Dear Michael Dunn
Many, many, many apologies for not spotting your reply until today. Due to me only requiring access to machines on my own sub-networks, I really had no need to sign into the RealVNC service (so I wasn't that bothered about it and thus just gave up trying to fix it) but it's been on the back of my mind that I should get around do digging deeper, so just yesterday, I decided to have another shot and the first thing I tried was adding the below two below exceptions...
^https?://[A-Za-z0-9.-]*\.vnc\.com/
^https?://[A-Za-z0-9.-]*\.realvnc\.com/
...to a small group, which was already configured as is shown below:
Skipping: Sandstorm / URL Filter / Content Removal / SSL scanning
When I then entered my credentials into the RealVNC client (on my Debian laptop) it immediately logged me into their server (and that was with no proxy information configured within the client; it was just set to the default of 'use the system proxy settings'). I thought I had tried something similar, back in the day, but perhaps I am mistaken (and of course, I have also updated the Debian RealVNC Viewer package, since then) but anyhow, I have now effectively done just as you had suggested and all is now well. This morning, I sought out this thread to add an update about resolving it and that was when I spotted your post.
Anyhow, thank you very much indeed for responding, and also for informing me about SNI - I really do appreciate you taking the time to do so - as that is something with which I am currently unfamiliar with. As you had suggested, I will indeed go and search for 'Wireshark SNI' in order to find out what it is all about (and I'm already familiar with Wireshark, so I'll also try capturing it). It is always great to learn something new, so thank you once again for alerting me to its existence!
Kind regards
Briain