One of the first discussions I noticed around TLS/SSL was in a news report last year.
These guys came back again this year with another attack called “CRIME“. A simplified version of how this attack is executed is described here along with the plan on how chrome is going to address is.
The problem that CRIME highlights is that sensitive cookie data and an attacker controlled path is compressed together in the same context. Cookie data makes up most of the red, uncompressed bytes in the diagram. If the path contains some cookie data, then the compressed headers will be shorter because zlib will be able to refer back to the path, rather than have to output all the literal bytes of the cookie. If you arrange things so that you can probe the contents of the cookie incrementally, then (assuming that the cookie is base64), you can extract the cookie byte-by-byte by inducing the browser to make requests.