[BUG] Claude Code MCP SSE client fails on HTTPS endpoints

Resolved 💬 4 comments Opened Jan 19, 2026 by jvallery Closed Feb 27, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Problem

claude mcp list fails to connect to external HTTPS MCP endpoint but works with local HTTP endpoint.

Root Cause

Claude Code's MCP SSE client has a bug with HTTPS connections, regardless of HTTP/1.1 vs HTTP/2.

Investigation Summary
┌────────────────────────────────┬───────┬─────────────────────────┬──────────────────┐
│ Test │ HTTP │ HTTPS (HTTP/2) │ HTTPS (HTTP/1.1) │
├────────────────────────────────┼───────┼─────────────────────────┼──────────────────┤
│ curl │ Works │ Works │ Works │
├────────────────────────────────┼───────┼─────────────────────────┼──────────────────┤
│ Node.js fetch │ Works │ Works (after flush fix) │ Works │
├────────────────────────────────┼───────┼─────────────────────────┼──────────────────┤
│ claude mcp list │ Works │ Fails │ Fails │
├────────────────────────────────┼───────┼─────────────────────────┼──────────────────┤
│ NODE_TLS_REJECT_UNAUTHORIZED=0 │ N/A │ N/A │ Fails │
├────────────────────────────────┼───────┼─────────────────────────┼──────────────────┤
│ mcp-remote (HTTP) │ Works │ N/A │ N/A │
├────────────────────────────────┼───────┼─────────────────────────┼──────────────────┤
│ mcp-remote (HTTPS) │ N/A │ N/A │ Fails │
└────────────────────────────────┴───────┴─────────────────────────┴──────────────────┘
What We Tried

Traefik Configuration (All Applied, None Fixed It)

  • flushInterval: "-1" - Flush responses immediately
  • responseHeaderTimeout: "0s" - No timeout for SSE
  • X-Accel-Buffering: no header
  • Cache-Control: no-cache header
  • HTTP/1.1 only via TLS alpnProtocols: ["http/1.1"]
  • Separate HTTP/1.1 entrypoint on port 3443
  • No buffering middleware

Client-Side Tests

  • NODE_TLS_REJECT_UNAUTHORIZED=0 - Still fails (not a cert trust issue)
  • mcp-remote bridge - Also fails

Conclusion

Definitively confirmed: The issue is a bug in Claude Code's HTTPS/TLS handling for SSE connections. Both
the native SSE client AND mcp-remote fail on HTTPS but work on HTTP. This affects:

  • HTTP/1.1 is properly negotiated
  • curl receives data immediately
  • Node.js fetch works on the same URL
  • Certificate is valid and trusted

Working Solution

Use the local HTTP endpoint:

claude mcp add --transport sse \
--header "Authorization: Bearer grvt_<token>" \
--scope user gravity "http://localhost:3000/sse"

This works because:

  1. Direct connection (no Traefik proxy)
  2. HTTP (no TLS)
  3. Same network as the MCP server

Traefik Configuration Applied

All SSE-optimized settings were applied to port 3443:

  • HTTP/1.1 only via TLS options
  • Immediate flush
  • No buffering
  • Proper timeouts

These work for curl/Node.js but not for Claude Code.

Environment:

  • Claude Code version: 2.1.12
  • Node.js: 22.22.0
  • Server: FastMCP with SSE transport
  • Proxy: Traefik v3 with HTTP/1.1 forced via TLS ALPN

Workaround: Use HTTP endpoint or localhost

What Should Happen?

Expected: Connection succeeds (as it does with curl, Node.js fetch)
Actual: Connection fails

Error Messages/Logs

Steps to Reproduce

Steps to Reproduce:

  1. Configure MCP server with SSE transport over HTTPS
  2. Add to Claude Code: claude mcp add --transport sse gravity "https://example.com/sse"
  3. Run claude mcp list
  4. Observe: "Failed to connect"

Claude Model

Not sure / Multiple models

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.12

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗