Tableau Server – Patching OpenSSL – HeartBleed Bug


Tableau Server – Patching OpenSSL – HeartBleed Bug

A major vulnerability was recently patched in OpenSSL. Tableau Server 8.1.5 currently uses a vulnerable version OpenSSL. The patched version of OpenSSL is 1.0.1g. Here’s a quick guide on how you can perform an in-place upgrade of OpenSSL to close the security hole. Please do so at your own risk, make backup copies of the files before doing anything, and understand this may invalidate your support while the changes are in place.

This will primarily affect Tableau Server instances utilizing SSL support, but could also affect reverse proxy configurations. It is more important to patch vulnerable servers that are internet facing.

  1. Obtain updated Windows OpenSSL binaries from:
  2. Download the package Win32 OpenSSL v1.0.1g Light (or your desired version) to your Tableau Server
  3. Run the application, extract to a local folder and be sure to have the installer copy the DLLs to that same local folder
  4. Stop Tableau Server
  5. Make a backup copy of files libeay32.dll and ssleay32.dll in %Program Files%TableauTableau Serverapachebin
  6. Copy the libeay32.dll and ssleay32.dll files from the new local OpenSSL version folder into %Program Files%TableauTableau Serverapachebin
  7. Start Tableau Server
  8. Once Tableau is fully started, verify https is still working

OpenSSL heartbleed CVE-2014-0160 –

A useful site to check your vulnerability status:

In addition to patching the security hole, please understand this is a major vulnerabilty that could have already been used to expose your private SSL key, permitting others to gain access to the encrypted data. Regeneration of private keys, reissuance of SSL certificates and changing sensitive information is a highly-recommended next step.

2014-04-10 Update: Tableau posted an official response to the blog with useful technical information at and they are targeting a release of 8.1.6 this evening, and all users should update both the desktop and server editions. This post was a quick way to deal with securing solely the built-in HTTPS endpoint that Tableau Server provides that sometimes is made internet-accessible. There are a number of other risks associated with this vulnerabilty, including client-side OpenSSL implementations if you wind up connecting to a malicious site. This can possibly come into effect when opening a Tableau dashboard in desktop that has a webpart to a compromised site. Further general reading on client-side risks can be found at but bottom line, please do update both the desktop and server clients as soon as they are released.

More About the Author

Daniel Holm

Chief Architect, IT Services
Quick Q&A: Why We Like Dell-EMC for Just About Everything IT In this edition of “Quick Q&A,” we talk about Dell-EMC with InterWorks Director of Enterprise Solutions Daniel Holm, IT ...
Testing the Beta NVIDIA RTX Audio Driver NVIDIA is always pushing the limit of what their video cards can do. However, they have now started to use the AI abilities they ...

See more from this author →

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK


Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Geschäftsführer: Mel Stephenson

Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072


Love our blog? You should see our emails. Sign up for our newsletter!