04-May-2020 23:50:49.959 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.42
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Jun 4 2019 20:29:04 UTC
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.42.0
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               SunOS
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.11
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/jdk/instances/jdk1.8.0/jre
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_141-b15
04-May-2020 23:50:49.984 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
...
04-May-2020 23:50:49.986 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.7.0].
04-May-2020 23:50:49.986 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
04-May-2020 23:50:49.986 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
04-May-2020 23:50:49.991 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1c  28 May 2019]
...
04-May-2020 23:50:50.382 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-8443"]
...

root@testweb1:~# ptree -ac `pgrep jsvc`
1923  zsched
  [process contract 337]
    2384  /usr/sbin/init
      [process contract 344]
        2425  /lib/svc/bin/svc.startd
          [process contract 5455214]
            4674  /path/to/tomcat/bin/jsvc -java-home /usr/java -user tomcat
              4675  /path/to/tomcat/bin/jsvc -java-home /usr/java -user tomcat

root@testweb1:~# pldd 4675 | grep -i ssl
/path/to/lib/amd64/libssl.so.1.1

root@testweb1:~# pkg contents openssl-avx2 | grep libssl.so.1.1
/path/to/lib/amd64/libssl.so.1.1

root@testweb1:~# pkg info openssl-avx2
             Name: path/to/library/openssl-avx2
          Summary: openssl for AVX2 CPUs - A toolkit for Secure Sockets Layer
                   (SSL v2/v3) and Transport Layer (TLS v1) protocols and
                   general purpose cryptographic library
            State: Installed
        Publisher: path-to
          Version: 1.1.1.3 (1.1.1c)
           Branch: 4.2019
   Packaging Date: June 28, 2019 at  1:27:49 PM
Last Install Time: April  7, 2019 at 11:40:23 AM
 Last Update Time: June 28, 2019 at  5:46:25 PM
             Size: 13.79 MB
             FMRI: pkg://path/to/library/openssl-avx2@1.1.1.3-4.2019:20190628T132749Z


$ nmap --script ssl-enum-ciphers -p 8443 testweb1
Starting Nmap 7.70 (  https://nmap.org  ) at 2020-05-04 23:56 MSK
Nmap scan report for testweb1 (000.000.000.000)
Host is up (0.00017s latency).

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp256r1) of lower strength than certificate key
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp256r1) of lower strength than certificate key
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 4096) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (secp256r1) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 17.46 seconds

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="/path/to/privkey.pem"
                         certificateFile="/path/to/cert.pem"
                         certificateChainFile="/path/to/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>