Why does SSL Labs now consider CBC suites weak?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







53















Why does SSL labs now mark CBC 256 suites as weak, although equivalent GCM and ChaCha20 are considered strong? Until a few months ago, it was unmarked in reports (neither explicitly as weak or strong), and it is still unmarked in their client lists.



The suites in question are:




  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA


The SHA1s are a requirement to support Android 5 and 6 with 4x100% score. It still gets 4x100% score, but it marks it as weak, which from an OCD perspective doesn’t look “professional”.










share|improve this question

























  • TLS v1.3 prefers authenticated encryption modes of operation for block ciphers, like GCM mode. AuthEnc modes have been available since TLS v1.1, if I recall correctly. ChaCha20 is a stream cipher, and it is not operated in a mode per se, so warnings about CBC mode do not apply.

    – jww
    May 13 at 17:14













  • @jww TLS 1.3 only supports authenticated encryption, null ciphers, block ciphers (such as AES-CBC) and stream ciphers (such as RC4) are no longer possible. Authenticated encryption is only available since TLS 1.2 and is defined in RFC 5246, Section 6.2.3.3. It cannot be used with TLS 1.1 and before.

    – Lekensteyn
    May 14 at 21:12




















53















Why does SSL labs now mark CBC 256 suites as weak, although equivalent GCM and ChaCha20 are considered strong? Until a few months ago, it was unmarked in reports (neither explicitly as weak or strong), and it is still unmarked in their client lists.



The suites in question are:




  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA


The SHA1s are a requirement to support Android 5 and 6 with 4x100% score. It still gets 4x100% score, but it marks it as weak, which from an OCD perspective doesn’t look “professional”.










share|improve this question

























  • TLS v1.3 prefers authenticated encryption modes of operation for block ciphers, like GCM mode. AuthEnc modes have been available since TLS v1.1, if I recall correctly. ChaCha20 is a stream cipher, and it is not operated in a mode per se, so warnings about CBC mode do not apply.

    – jww
    May 13 at 17:14













  • @jww TLS 1.3 only supports authenticated encryption, null ciphers, block ciphers (such as AES-CBC) and stream ciphers (such as RC4) are no longer possible. Authenticated encryption is only available since TLS 1.2 and is defined in RFC 5246, Section 6.2.3.3. It cannot be used with TLS 1.1 and before.

    – Lekensteyn
    May 14 at 21:12
















53












53








53


8






Why does SSL labs now mark CBC 256 suites as weak, although equivalent GCM and ChaCha20 are considered strong? Until a few months ago, it was unmarked in reports (neither explicitly as weak or strong), and it is still unmarked in their client lists.



The suites in question are:




  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA


The SHA1s are a requirement to support Android 5 and 6 with 4x100% score. It still gets 4x100% score, but it marks it as weak, which from an OCD perspective doesn’t look “professional”.










share|improve this question
















Why does SSL labs now mark CBC 256 suites as weak, although equivalent GCM and ChaCha20 are considered strong? Until a few months ago, it was unmarked in reports (neither explicitly as weak or strong), and it is still unmarked in their client lists.



The suites in question are:




  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA


The SHA1s are a requirement to support Android 5 and 6 with 4x100% score. It still gets 4x100% score, but it marks it as weak, which from an OCD perspective doesn’t look “professional”.







tls cbc






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 13 at 12:14









TRiG

466413




466413










asked May 13 at 6:46









Martin HorskyMartin Horsky

36828




36828













  • TLS v1.3 prefers authenticated encryption modes of operation for block ciphers, like GCM mode. AuthEnc modes have been available since TLS v1.1, if I recall correctly. ChaCha20 is a stream cipher, and it is not operated in a mode per se, so warnings about CBC mode do not apply.

    – jww
    May 13 at 17:14













  • @jww TLS 1.3 only supports authenticated encryption, null ciphers, block ciphers (such as AES-CBC) and stream ciphers (such as RC4) are no longer possible. Authenticated encryption is only available since TLS 1.2 and is defined in RFC 5246, Section 6.2.3.3. It cannot be used with TLS 1.1 and before.

    – Lekensteyn
    May 14 at 21:12





















  • TLS v1.3 prefers authenticated encryption modes of operation for block ciphers, like GCM mode. AuthEnc modes have been available since TLS v1.1, if I recall correctly. ChaCha20 is a stream cipher, and it is not operated in a mode per se, so warnings about CBC mode do not apply.

    – jww
    May 13 at 17:14













  • @jww TLS 1.3 only supports authenticated encryption, null ciphers, block ciphers (such as AES-CBC) and stream ciphers (such as RC4) are no longer possible. Authenticated encryption is only available since TLS 1.2 and is defined in RFC 5246, Section 6.2.3.3. It cannot be used with TLS 1.1 and before.

    – Lekensteyn
    May 14 at 21:12



















TLS v1.3 prefers authenticated encryption modes of operation for block ciphers, like GCM mode. AuthEnc modes have been available since TLS v1.1, if I recall correctly. ChaCha20 is a stream cipher, and it is not operated in a mode per se, so warnings about CBC mode do not apply.

– jww
May 13 at 17:14







TLS v1.3 prefers authenticated encryption modes of operation for block ciphers, like GCM mode. AuthEnc modes have been available since TLS v1.1, if I recall correctly. ChaCha20 is a stream cipher, and it is not operated in a mode per se, so warnings about CBC mode do not apply.

– jww
May 13 at 17:14















@jww TLS 1.3 only supports authenticated encryption, null ciphers, block ciphers (such as AES-CBC) and stream ciphers (such as RC4) are no longer possible. Authenticated encryption is only available since TLS 1.2 and is defined in RFC 5246, Section 6.2.3.3. It cannot be used with TLS 1.1 and before.

– Lekensteyn
May 14 at 21:12







@jww TLS 1.3 only supports authenticated encryption, null ciphers, block ciphers (such as AES-CBC) and stream ciphers (such as RC4) are no longer possible. Authenticated encryption is only available since TLS 1.2 and is defined in RFC 5246, Section 6.2.3.3. It cannot be used with TLS 1.1 and before.

– Lekensteyn
May 14 at 21:12












2 Answers
2






active

oldest

votes


















56














While CBC is fine in theory, there is always the risk that an improper implementation will subject the connection to padding oracle attacks. Time and time again, CBC implementations in TLS have shown themselves to be vulnerable, and each time an implementation is fixed, it seems yet another bug making padding oracle attacks feasible appears. Lucky Thirteen was published in 2013, and variants of this attack based on side channels keep popping up. SSL Labs is just observing history and learning from it.






share|improve this answer


























  • So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

    – Martin Horsky
    May 13 at 10:46






  • 8





    From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

    – Gert-Jan
    May 13 at 11:38



















30














Simply put, after four new CBC-exclusive attacks have been revealed, all padding oracle attacks, they want to discourage it, as per a comment from the author of the update blogpost:




We are only encouraging to move away from CBC based cipher suits after 4 new CBC based vulnerabilities. As of now, there is no grade change for CBC and servers can continue to use.







share|improve this answer
























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210072%2fwhy-does-ssl-labs-now-consider-cbc-suites-weak%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    56














    While CBC is fine in theory, there is always the risk that an improper implementation will subject the connection to padding oracle attacks. Time and time again, CBC implementations in TLS have shown themselves to be vulnerable, and each time an implementation is fixed, it seems yet another bug making padding oracle attacks feasible appears. Lucky Thirteen was published in 2013, and variants of this attack based on side channels keep popping up. SSL Labs is just observing history and learning from it.






    share|improve this answer


























    • So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

      – Martin Horsky
      May 13 at 10:46






    • 8





      From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

      – Gert-Jan
      May 13 at 11:38
















    56














    While CBC is fine in theory, there is always the risk that an improper implementation will subject the connection to padding oracle attacks. Time and time again, CBC implementations in TLS have shown themselves to be vulnerable, and each time an implementation is fixed, it seems yet another bug making padding oracle attacks feasible appears. Lucky Thirteen was published in 2013, and variants of this attack based on side channels keep popping up. SSL Labs is just observing history and learning from it.






    share|improve this answer


























    • So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

      – Martin Horsky
      May 13 at 10:46






    • 8





      From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

      – Gert-Jan
      May 13 at 11:38














    56












    56








    56







    While CBC is fine in theory, there is always the risk that an improper implementation will subject the connection to padding oracle attacks. Time and time again, CBC implementations in TLS have shown themselves to be vulnerable, and each time an implementation is fixed, it seems yet another bug making padding oracle attacks feasible appears. Lucky Thirteen was published in 2013, and variants of this attack based on side channels keep popping up. SSL Labs is just observing history and learning from it.






    share|improve this answer















    While CBC is fine in theory, there is always the risk that an improper implementation will subject the connection to padding oracle attacks. Time and time again, CBC implementations in TLS have shown themselves to be vulnerable, and each time an implementation is fixed, it seems yet another bug making padding oracle attacks feasible appears. Lucky Thirteen was published in 2013, and variants of this attack based on side channels keep popping up. SSL Labs is just observing history and learning from it.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited May 13 at 22:53

























    answered May 13 at 6:52









    forestforest

    43.9k18145161




    43.9k18145161













    • So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

      – Martin Horsky
      May 13 at 10:46






    • 8





      From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

      – Gert-Jan
      May 13 at 11:38



















    • So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

      – Martin Horsky
      May 13 at 10:46






    • 8





      From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

      – Gert-Jan
      May 13 at 11:38

















    So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

    – Martin Horsky
    May 13 at 10:46





    So would you consider it to be secure enough for a production server? It seems like the only way to support Andoird 5 and 6. Other ciphers they work with are old implementations of ChaCha20, DES, 3DES, and 128b CBC and GCM (and RC4). It doesn't look like there's a better solution.

    – Martin Horsky
    May 13 at 10:46




    8




    8





    From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

    – Gert-Jan
    May 13 at 11:38





    From our server logs I can see a lot of Android 5 devices using either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-CHACHA20-POLY1305. So even though these ciphers are not part of the API for Android 5, they seem to be available on a number of devices.

    – Gert-Jan
    May 13 at 11:38













    30














    Simply put, after four new CBC-exclusive attacks have been revealed, all padding oracle attacks, they want to discourage it, as per a comment from the author of the update blogpost:




    We are only encouraging to move away from CBC based cipher suits after 4 new CBC based vulnerabilities. As of now, there is no grade change for CBC and servers can continue to use.







    share|improve this answer




























      30














      Simply put, after four new CBC-exclusive attacks have been revealed, all padding oracle attacks, they want to discourage it, as per a comment from the author of the update blogpost:




      We are only encouraging to move away from CBC based cipher suits after 4 new CBC based vulnerabilities. As of now, there is no grade change for CBC and servers can continue to use.







      share|improve this answer


























        30












        30








        30







        Simply put, after four new CBC-exclusive attacks have been revealed, all padding oracle attacks, they want to discourage it, as per a comment from the author of the update blogpost:




        We are only encouraging to move away from CBC based cipher suits after 4 new CBC based vulnerabilities. As of now, there is no grade change for CBC and servers can continue to use.







        share|improve this answer













        Simply put, after four new CBC-exclusive attacks have been revealed, all padding oracle attacks, they want to discourage it, as per a comment from the author of the update blogpost:




        We are only encouraging to move away from CBC based cipher suits after 4 new CBC based vulnerabilities. As of now, there is no grade change for CBC and servers can continue to use.








        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered May 13 at 8:53









        Chloride CullChloride Cull

        40134




        40134






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210072%2fwhy-does-ssl-labs-now-consider-cbc-suites-weak%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Færeyskur hestur Heimild | Tengill | Tilvísanir | LeiðsagnarvalRossið - síða um færeyska hrossið á færeyskuGott ár hjá færeyska hestinum

            He _____ here since 1970 . Answer needed [closed]What does “since he was so high” mean?Meaning of “catch birds for”?How do I ensure “since” takes the meaning I want?“Who cares here” meaningWhat does “right round toward” mean?the time tense (had now been detected)What does the phrase “ring around the roses” mean here?Correct usage of “visited upon”Meaning of “foiled rail sabotage bid”It was the third time I had gone to Rome or It is the third time I had been to Rome

            Slayer Innehåll Historia | Stil, komposition och lyrik | Bandets betydelse och framgångar | Sidoprojekt och samarbeten | Kontroverser | Medlemmar | Utmärkelser och nomineringar | Turnéer och festivaler | Diskografi | Referenser | Externa länkar | Navigeringsmenywww.slayer.net”Metal Massacre vol. 1””Metal Massacre vol. 3””Metal Massacre Volume III””Show No Mercy””Haunting the Chapel””Live Undead””Hell Awaits””Reign in Blood””Reign in Blood””Gold & Platinum – Reign in Blood””Golden Gods Awards Winners”originalet”Kerrang! Hall Of Fame””Slayer Looks Back On 37-Year Career In New Video Series: Part Two””South of Heaven””Gold & Platinum – South of Heaven””Seasons in the Abyss””Gold & Platinum - Seasons in the Abyss””Divine Intervention””Divine Intervention - Release group by Slayer””Gold & Platinum - Divine Intervention””Live Intrusion””Undisputed Attitude””Abolish Government/Superficial Love””Release “Slatanic Slaughter: A Tribute to Slayer” by Various Artists””Diabolus in Musica””Soundtrack to the Apocalypse””God Hates Us All””Systematic - Relationships””War at the Warfield””Gold & Platinum - War at the Warfield””Soundtrack to the Apocalypse””Gold & Platinum - Still Reigning””Metallica, Slayer, Iron Mauden Among Winners At Metal Hammer Awards””Eternal Pyre””Eternal Pyre - Slayer release group””Eternal Pyre””Metal Storm Awards 2006””Kerrang! Hall Of Fame””Slayer Wins 'Best Metal' Grammy Award””Slayer Guitarist Jeff Hanneman Dies””Bullet-For My Valentine booed at Metal Hammer Golden Gods Awards””Unholy Aliance””The End Of Slayer?””Slayer: We Could Thrash Out Two More Albums If We're Fast Enough...””'The Unholy Alliance: Chapter III' UK Dates Added”originalet”Megadeth And Slayer To Co-Headline 'Canadian Carnage' Trek”originalet”World Painted Blood””Release “World Painted Blood” by Slayer””Metallica Heading To Cinemas””Slayer, Megadeth To Join Forces For 'European Carnage' Tour - Dec. 18, 2010”originalet”Slayer's Hanneman Contracts Acute Infection; Band To Bring In Guest Guitarist””Cannibal Corpse's Pat O'Brien Will Step In As Slayer's Guest Guitarist”originalet”Slayer’s Jeff Hanneman Dead at 49””Dave Lombardo Says He Made Only $67,000 In 2011 While Touring With Slayer””Slayer: We Do Not Agree With Dave Lombardo's Substance Or Timeline Of Events””Slayer Welcomes Drummer Paul Bostaph Back To The Fold””Slayer Hope to Unveil Never-Before-Heard Jeff Hanneman Material on Next Album””Slayer Debut New Song 'Implode' During Surprise Golden Gods Appearance””Release group Repentless by Slayer””Repentless - Slayer - Credits””Slayer””Metal Storm Awards 2015””Slayer - to release comic book "Repentless #1"””Slayer To Release 'Repentless' 6.66" Vinyl Box Set””BREAKING NEWS: Slayer Announce Farewell Tour””Slayer Recruit Lamb of God, Anthrax, Behemoth + Testament for Final Tour””Slayer lägger ner efter 37 år””Slayer Announces Second North American Leg Of 'Final' Tour””Final World Tour””Slayer Announces Final European Tour With Lamb of God, Anthrax And Obituary””Slayer To Tour Europe With Lamb of God, Anthrax And Obituary””Slayer To Play 'Last French Show Ever' At Next Year's Hellfst””Slayer's Final World Tour Will Extend Into 2019””Death Angel's Rob Cavestany On Slayer's 'Farewell' Tour: 'Some Of Us Could See This Coming'””Testament Has No Plans To Retire Anytime Soon, Says Chuck Billy””Anthrax's Scott Ian On Slayer's 'Farewell' Tour Plans: 'I Was Surprised And I Wasn't Surprised'””Slayer””Slayer's Morbid Schlock””Review/Rock; For Slayer, the Mania Is the Message””Slayer - Biography””Slayer - Reign In Blood”originalet”Dave Lombardo””An exclusive oral history of Slayer”originalet”Exclusive! Interview With Slayer Guitarist Jeff Hanneman”originalet”Thinking Out Loud: Slayer's Kerry King on hair metal, Satan and being polite””Slayer Lyrics””Slayer - Biography””Most influential artists for extreme metal music””Slayer - Reign in Blood””Slayer guitarist Jeff Hanneman dies aged 49””Slatanic Slaughter: A Tribute to Slayer””Gateway to Hell: A Tribute to Slayer””Covered In Blood””Slayer: The Origins of Thrash in San Francisco, CA.””Why They Rule - #6 Slayer”originalet”Guitar World's 100 Greatest Heavy Metal Guitarists Of All Time”originalet”The fans have spoken: Slayer comes out on top in readers' polls”originalet”Tribute to Jeff Hanneman (1964-2013)””Lamb Of God Frontman: We Sound Like A Slayer Rip-Off””BEHEMOTH Frontman Pays Tribute To SLAYER's JEFF HANNEMAN””Slayer, Hatebreed Doing Double Duty On This Year's Ozzfest””System of a Down””Lacuna Coil’s Andrea Ferro Talks Influences, Skateboarding, Band Origins + More””Slayer - Reign in Blood””Into The Lungs of Hell””Slayer rules - en utställning om fans””Slayer and Their Fans Slashed Through a No-Holds-Barred Night at Gas Monkey””Home””Slayer””Gold & Platinum - The Big 4 Live from Sofia, Bulgaria””Exclusive! Interview With Slayer Guitarist Kerry King””2008-02-23: Wiltern, Los Angeles, CA, USA””Slayer's Kerry King To Perform With Megadeth Tonight! - Oct. 21, 2010”originalet”Dave Lombardo - Biography”Slayer Case DismissedArkiveradUltimate Classic Rock: Slayer guitarist Jeff Hanneman dead at 49.”Slayer: "We could never do any thing like Some Kind Of Monster..."””Cannibal Corpse'S Pat O'Brien Will Step In As Slayer'S Guest Guitarist | The Official Slayer Site”originalet”Slayer Wins 'Best Metal' Grammy Award””Slayer Guitarist Jeff Hanneman Dies””Kerrang! Awards 2006 Blog: Kerrang! Hall Of Fame””Kerrang! Awards 2013: Kerrang! Legend”originalet”Metallica, Slayer, Iron Maien Among Winners At Metal Hammer Awards””Metal Hammer Golden Gods Awards””Bullet For My Valentine Booed At Metal Hammer Golden Gods Awards””Metal Storm Awards 2006””Metal Storm Awards 2015””Slayer's Concert History””Slayer - Relationships””Slayer - Releases”Slayers officiella webbplatsSlayer på MusicBrainzOfficiell webbplatsSlayerSlayerr1373445760000 0001 1540 47353068615-5086262726cb13906545x(data)6033143kn20030215029