Why can't we get a simplified version of TLS that has only one option of
the most secure cipher and isn't vulnerable to things like BEAST, CRIME, or
BREACH?

http://www.kb.cert.org/vuls/id/987798

What is it about the ciphers that they cannot protect the data whether
compressed or not?

Would using AES for at rest data be vulnerable if it was compressed first?
Even with the same style attack I would guess not.

Could we define a TLS version 2.0 with one cipher that was not vulnerable
and one simple config?  All clients would simply be vulnerable until they
upgraded or patched to support TLS 2.0.  For web servers that don't support
the fixed and simplified version, have the browser show a warning that the
site is not secure regardless of whether or not the SSL cert is valid.

Because of the mess of supporting older clients and complex configs, the
value of SSL/TLS is greatly diminished.
