I'm not sure if I can help in terms of code, but I just thought I'd throw in my 2 cents worth...
This would be a really great fix for us. We have some offsite Jenkins nodes that do the initial connection through https but then as far as I can tell all following communication on the 49187 port is unprotected. This makes the security people around me very nervous so it would be great for this fix to be available.
I'm a little surprised at how hard it is to find information about this on the Jenkins website, I suspect I'm not the only one who used to think that this was already encrypted as the slave startup line is something like:
java -jar slave.jar -jnlpUrl https://ci.example.com:443/computer/myslave/slave-agent.jnlp -secret sadkfjasfdkjashfdakjfha
That jnlpUrl being https probably makes most people think the connection is more secure than it really is