This is already supported for SOAP Connectors. It's just not as obvious as with REST Connectors:
Upload your truststore and keystore as Keystore records if you haven't already done so (same as for REST).
Create WS-Security profile record (might sound weird, but trust me)
switch to the "Keystore" tab
fill in Keystore and "Truststore" fields with identifiers of appropriate Keystore records
Open SOAP Connector
Switch to "Advanced" tab
Find the "Security profile" field and populate it with the identifier for your WS-Security Profile.
DO NOT click either of the 'Enable' checkboxes in the ws-* area. Though the record type that you used is called "WS-Security Profile," it is doing dual-duty as your SSL configuration, and the Keystore and Truststore identifiers will be picked up for use when the Connector runs. I realize this is a bit unintuitive.