The trick provided by Jon is a nice hack, but I am afraid it could break if you want to use more [OR] conditions, and if you use more backreferences you have to be careful which number to use (%1 or %2 or ..).
I think the most elegant, robust and clean solution for smart HTTP/HTTPS handling is to set a variable:
# initialization code - put only once at the beginning of .htaccess
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=proto:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=proto:http]
# simply use %{ENV:proto} in your rules:
RewriteCond %{HTTP_HOST} ^sub.domain.com$ [NC]
RewriteRule ^ %{ENV:proto}://sub.domain.com:2368%{REQUEST_URI} [P,QSA,L]
The advantage also is that the initialization code needs to be run only once, so if you have more rewrite rules then the resultant code is much shorter and more elegant.
Note a common setup is https provided with cloudflare, in which case HTTPS is not ‘on’ on the server itself. In that case you need extra rules like (note order):
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"' [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=proto:http]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"https"' [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=proto:https]