diff --git a/packages/grpc-js/src/http_proxy.ts b/packages/grpc-js/src/http_proxy.ts
index 666877f0..956eef4a 100644
--- a/packages/grpc-js/src/http_proxy.ts
+++ b/packages/grpc-js/src/http_proxy.ts
@@ -22,9 +22,9 @@ import { getDefaultAuthority } from './resolver';
 import { parseTarget } from './resolver-dns';
 import { Socket } from 'net';
 import * as http from 'http';
-import * as http2 from 'http2';
 import * as tls from 'tls';
 import * as logging from './logging';
+import { SecureClientSessionOptions } from 'http2'
 import {
   SubchannelAddress,
   isTcpSubchannelAddress,
@@ -161,7 +161,7 @@ export interface ProxyConnectionResult {
 export function getProxiedConnection(
   address: SubchannelAddress,
   channelOptions: ChannelOptions,
-  connectionOptions: http2.SecureClientSessionOptions
+  connectionOptions: SecureClientSessionOptions
 ): Promise<ProxyConnectionResult> {
   if (!('grpc.http_connect_target' in channelOptions)) {
     return Promise.resolve<ProxyConnectionResult>({});
@@ -206,9 +206,11 @@ export function getProxiedConnection(
             ' through proxy ' +
             proxyAddressString
         );
-        // The proxy is connecting to a TLS server, so upgrade
-        // this socket connection to a TLS connection.
         if ('secureContext' in connectionOptions) {
+          /* The proxy is connecting to a TLS server, so upgrade this socket
+           * connection to a TLS connection.
+           * This is a workaround for https://github.com/nodejs/node/issues/32922
+           * See https://github.com/grpc/grpc-node/pull/1369 for more info. */
           const cts = tls.connect({
               ...connectionOptions,
               host: getDefaultAuthority(realTarget),
diff --git a/packages/grpc-js/src/subchannel.ts b/packages/grpc-js/src/subchannel.ts
index d1226e96..a4845347 100644
--- a/packages/grpc-js/src/subchannel.ts
+++ b/packages/grpc-js/src/subchannel.ts
@@ -312,15 +312,15 @@ export class Subchannel {
       connectionOptions.createConnection = (authority, option) => {
         if (proxyConnectionResult.socket) {
           return proxyConnectionResult.socket;
+        } else {
+          /* net.NetConnectOpts is declared in a way that is more restrictive
+           * than what net.connect will actually accept, so we use the type
+           * assertion to work around that. */
+          return net.connect(this.subchannelAddress);
         }
-        /* net.NetConnectOpts is declared in a way that is more restrictive
-         * than what net.connect will actually accept, so we use the type
-         * assertion to work around that. */
-        return net.connect(this.subchannelAddress);
       };
     }
 
-
     connectionOptions = Object.assign(
       connectionOptions,
       this.subchannelAddress
@@ -416,6 +416,10 @@ export class Subchannel {
   }
 
   private startConnectingInternal() {
+    /* Pass connection options through to the proxy so that it's able to
+     * upgrade it's connection to support tls if needed.
+     * This is a workaround for https://github.com/nodejs/node/issues/32922
+     * See https://github.com/grpc/grpc-node/pull/1369 for more info. */
     const connectionOptions: http2.SecureClientSessionOptions =
       this.credentials._getConnectionOptions() || {};