Note that the article says that the vulnerability applies to TLS /or/ SPDY -- in particular, it sounds like TLS+DEFLATE sessions are vulnerable, even in the absence of SPDY.