I'm having some trouble getting the OWASP check to update the NVDs on a slave.
I know you're going to say "Proxy settings" but it isn't!
I can do a tcpdump and it does a 3 way handshake and then a "client hello" packet that Wireshark identifies as "SSL" and has the SNI information in. The nvd.nist.gov server then sends a RST packet back.
(I can successfully do a curl as the jenkins user : curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz works fine)

And I can successfully download the updates on the master server.

When comparing the tcpdump between the working download and the failing ones, the working one is detected as "TLSv1.2" rather than SSL.

I did think it might be an old Java version issue, so removed 1.7 completely and installed 1.8. I also updated openSSL. No joy.
Anyone any ideas?? Is it a bug, a misconfiguration (what config is there??) ?