What I hate about this vuln is there's no practical fix for many web servers because there was never an option to disable the TLS compression. They're rushing to backport those options now. The good thing is it seems the top three browsers don't even use TLS compression [anymore].