I'm not sure about that compression setting defaulting to false in versions 6.0 and 6.1.
I say this because our scanners found our splunk instances(version 6.1.5) to be vulnerable for TLS crime UNTIL we added "allowSslCompression = false" to our server.conf file.
Once we did that the vulnerability went away.
I would recommend just adding the line to be safe for those who want/need to mitigate the TLS crime vulnerability scan hits.
... View more