For a private site this is quite a restrictive Apache configuration and should clear any outbound filters for ‘weak security’ filters:
SSLProtocol TLSv1.2
SSLCipherSuite “HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128”
SSLHonorCipherOrder on
SSLCompression off
To be honest I’d be surprised if it’s those settings though that are locking you down on a DoD site unless your client device is also making weak choices. My guess (and somewhat hope for the security of DoD) would be that if you are using a non standard port (anything other than 443) then you might struggle.
Seeing as you are in a closed client environment for your site (just you and maybe a partner etc) you should also be able to rely on SNI so you can virtual host your ‘main server’ alongside OH on the same standard 443 port with different domains or just sub domains. Any recent version of Apache will do it, just treat it like you would a normal port 80 virtual host, use a different sub domain with ServerName appropriately set:
<VirtualHost *:443>
ServerName oh.mydomain.co.uk
ProxyRequests Off
<Proxy *
Order deny,allow
Allow from all
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/wwwpasswd
Require user openhab
</Proxy>
ProxyPass / http://<local-OH-IP>
ProxyPassReverse / http://<local-OH-IP>
SSLEngine on
SSLProtocol TLSv1.2
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
SSLHonorCipherOrder on
SSLCompression off
....