In the http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf , I would set the following options to false
useSSLCompression = false
allowSslCompression = false
There'll be a few different stanzas depending on what you're disabling it on, but disabling Compression for each setting explicitly would probably help negate this since the options seem to change regularly.
... View more
I am also running into this concern with our use of Splunk in a Federal environment and CRIME vulnerabilities showing up. I read the same answer you linked, but there have been major changes since then. I haven't seen any official word on mitigating that risk. Even with SSL in general, even without browsers, the traffic can still be hijacked.
... View more