[BUG] Claude Code cannot connect - Cloudflare TLS fingerprint rejection (ECONNRESET/ETIMEDOUT)

Resolved 💬 2 comments Opened Mar 22, 2026 by IRakow Closed Apr 19, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description

Claude Code v2.1.81 cannot connect to api.anthropic.com. The TLS handshake is rejected by Cloudflare's bot detection for non-browser clients, while browser connections work fine.

Environment

  • macOS 26.3.1 (Build 25D771280a)
  • Node.js (OpenSSL 3.6.1)
  • Claude Code v2.1.81
  • Network: Home broadband, no VPN, no proxy

Error

What Should Happen?

i should be able to connect through terminal and it work.

Error Messages/Logs

## Diagnosis

**curl fails (default TLS fingerprint rejected):**

**curl works with --tlsv1.2 (but HTTP/2 framing breaks):**

**Node.js https module fails (same TLS rejection):**

**Node.js https module WORKS with custom ciphers + HTTP/1.1:**

Steps to Reproduce

Chrome connects fine — confirmed via lsof showing multiple ESTABLISHED connections to 160.79.104.10:443.

NODE_OPTIONS="--tls-cipher-list=..." does not fix Claude Code — likely because Claude Code uses undici/fetch internally which ignores this setting.

Root Cause

Cloudflare's bot detection on api.anthropic.com is rejecting Node.js's default TLS ClientHello fingerprint. Custom cipher suites bypass the filter, but Claude Code's internal HTTP client (undici/fetch) doesn't expose TLS configuration via NODE_OPTIONS.

Attempted Workarounds (all failed for Claude Code)

  • NODE_OPTIONS="--tls-min-v1.2" — no effect
  • NODE_OPTIONS="--tls-cipher-list=..." — no effect (undici ignores it)
  • NODE_EXTRA_CA_CERTS=/etc/ssl/cert.pem — no effect
  • NODE_TLS_REJECT_UNAUTHORIZED=0 — not tested (security concern)
  • npm update -g @anthropic-ai/claude-code — updated to v2.1.81, still broken

Suggested Fix

Configure undici/fetch in Claude Code to use TLS cipher suites that pass Cloudflare's fingerprint check, or expose a config option for custom TLS settings.

Related: #17541, #33355, #13657

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.81

Platform

Other

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗