KNOWLEDGE BASE

SSL Vulnerability CVE-2014-3566 (POODLE)


Published: 15 Oct 2014
Last Modified Date: 15 Apr 2016

Issue

If you or your organization uses Tableau, you may be affected by the CVE-2014-3566 (POODLE) security vulnerability. This vulnerability can result in insecure or compromised transactions over SSLv3. 

Environment

  • Tableau Server
  • Tableau Desktop
  • Tableau Online
  • Tableau Public

Resolution

Tableau Server 8.3 and later, Tableau Online, and Tableau Public

To ensure our Tableau Server, Tableau Online, and Tableau Public customers are protected, we have disabled the vulnerable SSLv2 and SSLv3 protocols.

Tableau Server 8.2 and earlier

Modify the Tableau Server configuration settings to disable the vulnerable protocols. 

Tableau Server 8.2

  1. On the computer running Tableau Server, open the Command Prompt window as an administrator, and run the following command to navigate to the bin folder:
    • cd "C:\Program Files\Tableau\Tableau Server\<version>\bin"
    Note: If you are running the 32-bit Tableau Server on a 64-bit operating system, you will need to go to C:\Program Files (x86)\Tableau instead of C:\Program Files\Tableau. Also, the above drive and paths may vary depending on where Tableau Server is installed.
     
  2. At the command prompt, run the following commands in order:
    • tabadmin set "ssl.protocols" "'all -SSLv2 -SSLv3'" 
    • tabadmin config
    • tabadmin restart 

Tableau Server 8.1

  1. On the computer running Tableau Server, in Windows Explorer, open the Tableau Server install directory. Typically, the install directory is C:\Program Files\Tableau\Tableau Server\<version>.
  2. Within the install directory in Windows Explorer, double-click the templates folder.
  3. Double-click httpd.conf.templ, and then open the file in a text editor, such as Notepad.
  4. In the httpd.conf.templ file, replace the line "SSLProtocol all -SSLv2" with "SSLProtocol all -SSLv2 -SSLv3", and then save and close the file.
  5. On the computer running Tableau Server, open the Command Prompt window as an administrator, and run the following command to navigate to the bin folder:
    • cd "C:\Program Files\Tableau\Tableau Server\<version>\bin"
    Note: If you are running the 32-bit Tableau Server on a 64-bit operating system, you will need to go to C:\Program Files (x86)\Tableau instead of C:\Program Files\Tableau. Also, the above drive and paths may vary depending on where Tableau Server is installed.
     
  6. At the command prompt, run the following commands in order:
    • tabadmin config
    • tabadmin restart 

Tableau Server 8.0

  1. On the computer running Tableau Server, in Windows Explorer, open the Tableau Server install directory. Typically, the install directory is C:\Program Files\Tableau\Tableau Server\<version>.
  2. Within the install directory in Windows Explorer, double-click the templates folder.
  3. Double-click httpd.conf.templ, and then open the file in a text editor, such as Notepad.
  4. In the httpd.conf.templ file, replace the line "SSLProtocol all -SSLv2" with "SSLProtocol all -SSLv2 -SSLv3", and then save and close the file.
  5. On the computer running Tableau Server, open the Command Prompt window as an administrator, and run one of the following commands:
    • On a 32-bit computer: cd "C:\Program Files\Tableau\Tableau Server\<version>\bin"
    • On a 64-bit computer: cd "C:\Program Files (x86)\Tableau\Tableau Server\<version>\bin"
  6. At the command prompt, run the following commands in order:
    • tabadmin config
    • tabadmin restart
Did this article resolve the issue?