[BUG] ECONNRESET on corporate network - TLS fingerprinting blocks Bun while curl/Node.js work
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Claude Code fails with ECONNRESET on corporate network. After extensive debugging, the root cause appears to be TLS fingerprinting (JA3/JA4) by corporate firewall blocking Bun's TLS signature.
Key findings:
| Test | Result |
|------|--------|
| curl to api.anthropic.com | ✅ HTTP 404 |
| Node.js v18 fetch | ✅ HTTP 404 |
| Node.js v20 fetch | ✅ HTTP 404 |
| Claude Code (Bun) | ❌ ECONNRESET |
| Mobile tethering | ✅ Works |
| VPN | ✅ Works |
| Windows PC (same network) | ✅ Works (colleague) |
This suggests corporate firewall blocks connections based on TLS fingerprint, specifically targeting Bun's signature.
What Should Happen?
Claude Code should connect to the API successfully, as curl and Node.js fetch do on the same network.
Error Messages/Logs
[ERROR] API error: ECONNRESET
[ERROR] The socket connection was closed unexpectedly.
sourceURL: "/$bunfs/root/claude"
code=ECONNRESET
Steps to Reproduce
- Connect to corporate network with TLS inspection/fingerprinting firewall
- Open VS Code with Claude Code extension
- Try to send any message
- Connection fails with ECONNRESET
Verification tests on same network:
# Works
curl -I https://api.anthropic.com
# Works
node -e "fetch('https://api.anthropic.com').then(r => console.log(r.status))"
# Fails - Claude Code uses Bun
claude
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
Unknown (never worked on this corporate network)
Claude Code Version
2.1.23
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
VS Code integrated terminal
Additional Information
Workaround:
Using mobile tethering or VPN bypasses the issue.
Request:
- Consider providing a Node.js HTTP client option for enterprise environments
- Document TLS fingerprinting issues for corporate network users
Related Issues:
- #13657
- #18100
- #18766
Environment:
- Network: Corporate network (Japan)
- Security software: Trend Micro Apex One
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗