Sounds interesting. Are there any underlying requirements for the encryption, is it symmetrical or assymetrical and what is the perfornance hit?
As long as you have apache compiled with ssl (otherwise why ?) and jsse.jar & jcerts.jar - ie the usual stuff for doing SSL you have all the stuff !
The performance hit is the same as if you were doing anything over an https connection. except that ajp13 is quite good at maintaining a connection between apache and tomcat. So the heavy part of th hand shake doesn't happen that often.