We've been having this issue with the automated software deployment policies where certain patches are failing to download. These are typical third party patches, from third party sites. A couple we've run across recently are for Adobe Acrobat DC and DC Pro, as well as Citrix Workspace.

These updates fail to download with remarks 'connection reset'. Upon further investigation it appears the actual error was "javax.net.ssl.SSLException:Connection reset".

https://downloadplugins.citrix.com

These are just 2 recent example. For all 3 files that failed downloading, I can grab the full URL to the .exe or .msp files that Managed Engine has linked to the patch ID, log into the ME ECENT server itself, open a web browser, put in the full URL, and download the file.

With this in mind, the server can reach the files ME has linked to the patch IDs, I can pull the base URLs up in a browser and confirm they're trusted, and download is successful.

So, why is ME resetting the connection? Well, given it's a Java-based application, and Java is resetting the connection, I'm led to believe that the issue lies within ME's Java TLS/SSL settings, and some of these public sites, and what ciphers/TLS settings are enabled to ensure compatibility, or alternatively, what public CA/root/intermediary certificates exist in the Java key store for public CAs.

We can download the file with the URL provided, and upload it to the patch ID, but that's rather untenable.

Has anyone run into this issue before? The file CAN be downloaded with the URL on the ME ECENT server itself, however, the download call through the Java-based application is what's failing, so I don't believe this to be a server issue.