This was discovered during a recent case and I am passing it on to the APM Community:
Situation: NOT able to decrypt traffic (Apache web server). The cipher suite is: TLS_RSA_WITH_AES_256_CBC_SHA
Root Cause: Use of the “SSL/TLS compression” feature in their environment; TIM/ssldump code analysis found that it doesn’t have support for SSL/TLS compression of the DEFLATE type.
While researching further on the SSL/TLS compression feature and its implementations, we found that there is a serious security vulnerability in the SSL/TLS compression feature, raised/observed in September 2012, that enables the serious CRIME attack using this feature. For more details on how HTTPS sessions are hijacked with this feature, and on how/which browser and web server vendors TURNED OFF this feature in later versions as part of mitigation, please refer to the technical and public links below:
https://isecpartners.com/blog/2012/september/details-on-the-crime-attack.aspx
http://www.computerworld.com/s/article/9231281/_CRIME_attack_abuses_SSL_TLS_data_compression_feature_to_hijack_HTTPS_sessions
Interestingly, the Microsoft IIS web server does not support SSL/TLS compression - even in IIS 7.5/Server 2008 R2 - and Apache also back-ported this critical FIX (i.e. turning compression off) from 2.4 to 2.2.24 due to popular demand by the community (http://svn.apache.org/viewvc?view=revision&revision=1400700) and also updated the Apache mod_ssl documentation about the CRIME attack.
Thanks
Hallett German
CA Technologies Support
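The post explains that the capture could not be decrypted because the server had negotiated TLS compression (DEFLATE), and that the same feature is what CRIME abuses. A quick way to confirm whether a server is negotiating compression, without a full TLS stack, is to look at the compression_method field of the ServerHello. The following is an added example written for this thread (not code from CA, TIM or ssldump): it parses a TLS ClientHello/ServerHello record, reports the offered or chosen compression method, and flags any method other than null. The sample ServerHello and ClientHello bytes are constructed in the script itself (cipher suite 0x0035 = TLS_RSA_WITH_AES_256_CBC_SHA, compression method 1 = DEFLATE per RFC 3749); on a real capture you would feed it the raw record bytes of the server's hello. On the server side the mitigation on Apache 2.2.24+/2.4.3+ is the mod_ssl directive `SSLCompression off`.

```python
import struct

# Compression method ids: 0 is null (mandatory), 1 is DEFLATE (RFC 3749).
COMPRESSION_NAMES = {0: "null", 1: "DEFLATE"}
HANDSHAKE_CLIENT_HELLO = 1
HANDSHAKE_SERVER_HELLO = 2
RECORD_HANDSHAKE = 0x16


def parse_hello(record: bytes) -> dict:
    """Parse a TLS handshake record carrying a ClientHello or ServerHello.

    Returns the hello type, the TLS version, the cipher suite(s) and the
    compression method(s) as a dict. Raises ValueError on malformed input.
    """
    if len(record) < 5 or record[0] != RECORD_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4:
        raise ValueError("truncated handshake header")
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) != hs_len:
        raise ValueError("truncated handshake body")

    pos = 0
    version = "%d.%d" % (hs[pos], hs[pos + 1])
    pos += 2
    pos += 32                      # client/server random
    sid_len = hs[pos]
    pos += 1 + sid_len             # session id

    if hs_type == HANDSHAKE_SERVER_HELLO:
        suite = hs[pos:pos + 2].hex()
        pos += 2
        methods = [hs[pos]]        # the single method the server chose
        kind = "ServerHello"
    elif hs_type == HANDSHAKE_CLIENT_HELLO:
        cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        suite = [hs[i:i + 2].hex() for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        cm_len = hs[pos]
        pos += 1
        methods = list(hs[pos:pos + cm_len])  # every method the client offers
        kind = "ClientHello"
    else:
        raise ValueError("handshake type %d is not a hello" % hs_type)

    return {
        "type": kind,
        "version": version,
        "cipher_suite": suite,
        "compression_methods": methods,
        "compression_names": [COMPRESSION_NAMES.get(m, "unknown(%d)" % m) for m in methods],
    }


def compression_negotiated(server_hello: bytes) -> bool:
    """True if the ServerHello selects any compression method other than null."""
    info = parse_hello(server_hello)
    if info["type"] != "ServerHello":
        raise ValueError("expected a ServerHello")
    return info["compression_methods"][0] != 0


def _handshake_record(hs_type: int, hs_body: bytes) -> bytes:
    """Wrap a handshake body in the 4-byte handshake header and 5-byte record header."""
    hs = bytes([hs_type]) + len(hs_body).to_bytes(3, "big") + hs_body
    return bytes([RECORD_HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs


def build_server_hello(compression_method: int, suite: int = 0x0035) -> bytes:
    """Constructed TLS 1.0 ServerHello with an empty session id (sample data, not a capture)."""
    body = b"\x03\x01" + b"\x11" * 32 + b"\x00" + struct.pack("!H", suite) + bytes([compression_method])
    return _handshake_record(HANDSHAKE_SERVER_HELLO, body)


def build_client_hello(methods: bytes, suite: int = 0x0035) -> bytes:
    """Constructed TLS 1.0 ClientHello offering one suite and the given compression methods."""
    body = (b"\x03\x01" + b"\x22" * 32 + b"\x00"
            + struct.pack("!H", 2) + struct.pack("!H", suite)
            + bytes([len(methods)]) + methods)
    return _handshake_record(HANDSHAKE_CLIENT_HELLO, body)


# Constructed samples: a server picking DEFLATE, and a client offering DEFLATE then null.
SAMPLE_SERVER_HELLO_DEFLATE = build_server_hello(1)
SAMPLE_CLIENT_HELLO = build_client_hello(b"\x01\x00")

if __name__ == "__main__":
    for rec in (SAMPLE_CLIENT_HELLO, SAMPLE_SERVER_HELLO_DEFLATE):
        print(parse_hello(rec))
    if compression_negotiated(SAMPLE_SERVER_HELLO_DEFLATE):
        print("WARNING: TLS compression negotiated; capture will not decrypt and CRIME applies")
```

A ServerHello whose compression_method is 0 means the server refused compression, which is what you should see after `SSLCompression off` is applied; anything else explains both the undecryptable capture and the CRIME exposure.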