updated documentation to resolve issues #523 and #561

2026-01-15 08:13:43 +01:00 · 2016-10-28 18:58:27 -04:00
parent a12bc44ecd
commit 358367ef9e
3 changed files with 17 additions and 4 deletions
--- a/src/site/markdown/data/index.md
+++ b/src/site/markdown/data/index.md
@@ -6,13 +6,16 @@ constraints.

 Local NVD Database
 ----------------------------------
-OWASP dependency-check maintains a local copy of the NVD data hosted by NIST. By default,
+OWASP dependency-check maintains a local copy of the NVD CVE data hosted by NIST. By default,
 a local [H2 database](http://www.h2database.com/html/main.html) instance is used.
 As each instance maintains its own copy of the NVD the machine will need access
 to nvd.nist.gov in order to download the NVD data feeds. While the initial download of the NVD
 data feed is large, if after the initial download the tool is run at least once every seven
 days only two small XML files containing the recent modifications will need to be downloaded.

+In some installations OpenJDK may not be able to download the NVD CVE data. Please see the
+[TLS Failures article](./tlsfailure.html) for more information.
+
 If your build servers are using dependency-check and are unable to access the Internet you
 have a few options:

--- a/src/site/markdown/data/tlsfailure.md
+++ b/src/site/markdown/data/tlsfailure.md
@@ -0,0 +1,10 @@
+NVD CVE Download Failures
+=========================
+In some installations of the JRE (such as  OpenJDK on CentOS/RHEL/Amazon Linux) do not
+have the correct libraries to support EC cryptography. If you run into problems running
+dependency-check you may need to install Bouncy Castle and configure Java to use the
+more robust cryptographic provider.
+
+Helpful Links
+* [Stackoverflow discussion](http://stackoverflow.com/a/33521718/1995422)
+* [Bouncy Castle](https://www.bouncycastle.org/java.html)