[BUG] ECONNRESET on corporate network - TLS fingerprinting blocks Bun while curl/Node.js work

Resolved 💬 5 comments Opened Jan 29, 2026 by k-pon-jp Closed Mar 25, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code fails with ECONNRESET on corporate network. After extensive debugging, the root cause appears to be TLS fingerprinting (JA3/JA4) by corporate firewall blocking Bun's TLS signature.

Key findings:
| Test | Result |
|------|--------|
| curl to api.anthropic.com | ✅ HTTP 404 |
| Node.js v18 fetch | ✅ HTTP 404 |
| Node.js v20 fetch | ✅ HTTP 404 |
| Claude Code (Bun) | ❌ ECONNRESET |
| Mobile tethering | ✅ Works |
| VPN | ✅ Works |
| Windows PC (same network) | ✅ Works (colleague) |

This suggests corporate firewall blocks connections based on TLS fingerprint, specifically targeting Bun's signature.

What Should Happen?

Claude Code should connect to the API successfully, as curl and Node.js fetch do on the same network.

Error Messages/Logs

[ERROR] API error: ECONNRESET
[ERROR] The socket connection was closed unexpectedly. 
sourceURL: "/$bunfs/root/claude"
code=ECONNRESET

Steps to Reproduce

  1. Connect to corporate network with TLS inspection/fingerprinting firewall
  2. Open VS Code with Claude Code extension
  3. Try to send any message
  4. Connection fails with ECONNRESET

Verification tests on same network:

# Works
curl -I https://api.anthropic.com

# Works  
node -e "fetch('https://api.anthropic.com').then(r => console.log(r.status))"

# Fails - Claude Code uses Bun
claude

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

Unknown (never worked on this corporate network)

Claude Code Version

2.1.23

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

VS Code integrated terminal

Additional Information

Workaround:
Using mobile tethering or VPN bypasses the issue.

Request:

  1. Consider providing a Node.js HTTP client option for enterprise environments
  2. Document TLS fingerprinting issues for corporate network users

Related Issues:

  • #13657
  • #18100
  • #18766

Environment:

  • Network: Corporate network (Japan)
  • Security software: Trend Micro Apex One

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗