OH webserver

For a private site this is quite a restrictive Apache configuration and should clear any outbound ‘weak security’ filters:

SSLProtocol TLSv1.2
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
SSLHonorCipherOrder on
SSLCompression off

To be honest I’d be surprised if it’s those settings though that are locking you down on a DoD site unless your client device is also making weak choices. My guess (and somewhat hope for the security of DoD) would be that if you are using a non-standard port (anything other than 443) then you might struggle.

Seeing as you are in a closed client environment for your site (just you and maybe a partner etc.) you should also be able to rely on SNI so you can virtual host your ‘main server’ alongside OH on the same standard 443 port with different domains or just subdomains. Any recent version of Apache will do it, just treat it like you would a normal port 80 virtual host, use a different subdomain with ServerName appropriately set:

<VirtualHost *:443>
    ServerName  oh.mydomain.co.uk

    # Reverse proxy only; never act as a forward proxy
    ProxyRequests       Off
    <Proxy *>
        Order deny,allow
        Allow from all
        AuthType Basic
        AuthName "Restricted Area"
        AuthUserFile /etc/apache2/wwwpasswd
        Require user openhab
    </Proxy>
    # Trailing slash on the backend URL matches the "/" path
    ProxyPass           /   http://<local-OH-IP>/
    ProxyPassReverse    /   http://<local-OH-IP>/

    SSLEngine on
    SSLProtocol TLSv1.2
    SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
    SSLHonorCipherOrder     on
    SSLCompression off
    ....
</VirtualHost>
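
To see what the SSLCipherSuite string above actually enables, this added example (not part of the original post) expands it with Python's ssl module against the local OpenSSL and checks that each exclusion took effect. The function names and regex patterns are this example's own; the result depends on the OpenSSL build, so run it on the Apache host.

```python
import re
import ssl

# Cipher string copied from the post's SSLCipherSuite directive.
POLICY = "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"

# What each exclusion should remove, matched against OpenSSL's description
# line (the text `openssl ciphers -v` prints). Patterns are this example's own.
EXCLUDED = {
    "!aNULL": re.compile(r"Au=None"),
    "!MD5": re.compile(r"Mac=MD5"),
    "!3DES": re.compile(r"Enc=3DES"),
    "!CAMELLIA": re.compile(r"Enc=Camellia", re.I),
    "!AES128": re.compile(r"Enc=AES(GCM|CCM8?)?\(128\)"),
}

def expand(cipher_string):
    """Return the TLS 1.2-and-below suites the local OpenSSL enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately from this string and are not
    # offered under `SSLProtocol TLSv1.2`, so leave them out of the report.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def violations(suites):
    """Map each exclusion to suites that still match it (expected: none)."""
    return {rule: [c["name"] for c in suites if pat.search(c["description"])]
            for rule, pat in EXCLUDED.items()}

def below_256(suites):
    """Suites under 256-bit strength that the exclusions do not cover."""
    return [c["name"] for c in suites if c["strength_bits"] < 256]

def removed_by_policy():
    """Names enabled by plain HIGH but dropped by the post's string."""
    kept = {c["name"] for c in expand(POLICY)}
    return sorted(c["name"] for c in expand("HIGH") if c["name"] not in kept)

if __name__ == "__main__":
    suites = expand(POLICY)
    for c in suites:
        print(f'{c["name"]:34} {c["protocol"]:8} {c["strength_bits"]} bits')
    print("still matching an exclusion:", violations(suites))
    print("below 256 bits:", below_256(suites))
    print("dropped relative to HIGH:", len(removed_by_policy()))
```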