Your idea, adding a method "public void initiateHandshake(IoSession session)" to the SslFilter class, would be perfectly fine for me.
I just tested it, and it works fine. Only thing, perhaps, is, that I don't know, if session.getFilterChain can return null, so perhaps some null pointer handling is necessary.
