The compression-related issue in the TLS protocol is known as CRIME. BREACH actually applies to HTTP response body compression. So, chances are that you should continue to use the breach-mitigation-rails gem, even if your server does not support compression at the TLS level. (Disclaimer: I am not familiar with this gem; just inferring its purpose from the name.)