Title: Plugin Update Center Fails in UI but Works via CLI Across Multiple AWS Accounts

Description:

We are experiencing a consistent issue across multiple AWS accounts and different Jenkins versions (including 2.479.3) where:

• Plugin updates via the Jenkins web UI fail with a Connection reset error.
• The same plugin updates work fine via the Jenkins CLI.
• No proxy is configured at the OS or Jenkins level.
• DNS resolution for updates.jenkins.io is consistent and correct.
• TLS debug logging (javax.net.debug) set via the Script Console does not produce output, likely due to JVM initialization timing.
• Restarting Jenkins with TLS debug flags shows handshake attempts but no clear failure reason.
• The issue is reproducible across different Jenkins versions and EC2 instances in separate AWS accounts.

Steps to Reproduce:

1. Launch Jenkins on an EC2 instance (Java 17.0.16, Jenkins 2.479.3).
2. Attempt to install or update a plugin via the web UI.
3. Observe Connection reset error in logs or Script Console.
4. Run the same plugin install via CLI (install-plugin) — it succeeds.
5. Confirm no proxy is in use and DNS resolves correctly.

Expected Behavior:

Plugin updates should succeed via both the UI and CLI.

Actual Behavior:

Plugin updates fail via the UI with a Connection reset error, but succeed via CLI.

Environment:

• Jenkins versions: 2.440.x, 2.479.3
• Java: 17.0.16
• OS: Amazon Linux 2 / Ubuntu 22.04
• Network: No proxy, direct internet access via NAT Gateway
• AWS: Multiple accounts and VPCs

Additional Notes:

• TLS debug logs only appear when set at JVM startup.
• DNS resolution and curl tests to https://updates.jenkins.io succeed.
• Issue appears to be specific to Jenkins' internal HTTP client or TLS handling.