This entry from Security Metrics suggests that there is some risk associated with negotiation of SSL Compression methods in HTTPS.

Negotiation of protocol compression is allowed under protocol. This is not a risk.

In order to use protocol compression in SSL, both parties must agree on the methods that they will use. It is common for the server to offer the list of methods that can be used. Such information is only usable to the endpoints can is not a risk. Even in instances where a man-in-the-middle attack is present, such information is largely useless in and of itself.

Compression is not security nor is it intended to be security. This should not even be a factor of security analysis.

No action required.

search?q=clearos%2C%20clearos%20content%2C%203rd%20party%2C%20security%20metrics%2C%20non-cve%2C%20maintainer_dloper&btnI=lucky