A JavaServlet I maintain uses SSL encryption. I THINK it uses JSSE SSL by Oracle and after the HeartBleed Bug announcement I don't want to be using OpenSSL. Can someone tell me how I can be sure this is the case please?
Windows binaries are provided by Apache for Tomcat for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR.
It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.
Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).
Your OS doesn't have openssl installed, but Tomcat does.