[FEATURE] Support TLS/SSL configuration for HTTP MCP servers
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When connecting to an HTTP MCP server that uses a self-signed certificate or a certificate from a private CA, the connection fails with:
Error: SDK auth failed: unable to verify the first certificate
There is currently no way to configure TLS settings per MCP server in the JSON config. The only workarounds are environment variables (NODE_TLS_REJECT_UNAUTHORIZED=0 or NODE_EXTRA_CA_CERTS), which apply globally to the entire process and are not portable across Claude Code clients (CLI, VS Code extension, desktop app).
Proposed Solution
Add optional TLS configuration fields to the HTTP MCP server definition:
{
"mcpServers": {
"my-server": {
"type": "http",
"url": "https://10.0.0.1:6876/api/mcp",
"headers": {
"Authorization": "Basic ..."
},
"insecure": true,
"ca": "/path/to/custom-ca.crt"
}
}
}
insecure(boolean): skip TLS certificate verification for this server onlyca(string): path to a custom CA certificate to trust for this server
Alternative Solutions
There is currently no way to configure TLS settings per MCP server in the JSON config. The only workarounds are environment variables (NODE_TLS_REJECT_UNAUTHORIZED=0 or NODE_EXTRA_CA_CERTS), which apply globally to the entire process and are not portable across Claude Code clients (CLI, VS Code extension, desktop app).
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
- Connecting to internal/private services over HTTPS with self-signed certs is a common use case
- Global env vars are a blunt instrument — they disable TLS verification for _all_ connections, not just the MCP server
- Per-server config would be portable across all Claude Code clients without requiring shell profile changes or per-client env var setup
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗