Share via

Confirming .NET 4.8 Compatibility with SQL Server 2025 via TDS 7.4 (Backward Compatibility Mode)

Rajeskumar S L 20 Reputation points
2026-03-02T04:36:06.3933333+00:00

Hello,

We are planning a migration from SQL Server 2016 to SQL Server 2025 on Azure VMs (Windows Server 2025). Our application landscape includes both .NET 8.0 and legacy .NET 4.8 applications.

We would like to confirm the following technical approach for our .NET 4.8 apps using the legacy System.Data.SqlClient provider:

  1. Protocol Support: We understand .NET 4.8 only supports up to TDS 7.4. Does SQL Server 2025 officially support connectivity for these legacy clients?
  2. Configuration: To enable this, we plan to set "Force Strict Encryption = NO" on the SQL 2025 instance to allow the TDS 7.4 handshake. Is this the recommended path for legacy compatibility?
  3. Support Lifecycle: Is this configuration considered fully supported by Microsoft for the duration of the Windows Server 2025 lifecycle?

Any guidance on known risks regarding TLS 1.3 or cipher suite mismatches for .NET 4.8 during this migration would be greatly appreciated.

Thank you.

Azure SQL Database

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bharath Y P 5,755 Reputation points Microsoft External Staff Moderator
    2026-03-03T04:08:37.68+00:00

    Hello Rajeskumar S L, this setup will work but there are a few caveats to keep in mind:

    1. Protocol support
      • .NET 4.8’s built-in System.Data.SqlClient driver speaks up through TDS 7.4 only.
      • SQL Server 2025 continues to support legacy TDS 7.x handshakes alongside the new TDS 8.0 protocol—it doesn’t drop backward-compatible support for older clients.
    2. Configuration for legacy clients
      • By default, SQL Server 2025 with “Force Strict Encryption = Yes” kicks clients into TDS 8.0 (strict always-encrypted mode).
      • Setting Force Strict Encryption = No (i.e. optional encryption) lets your .NET 4.8 apps connect via TDS 7.4 while still allowing TLS 1.2.
      • Just be sure your Windows Server Schannel configuration enables TLS 1.2 (but you can leave TLS 1.3 enabled for newer clients).
    3. Support lifecycle
      • Microsoft fully supports this backward-compatibility mode for the life of SQL Server 2025 and Windows Server 2025. You won’t fall outside any supported configuration as long as you stay on supported OS/SQL builds and keep TLS 1.2 patched.
      • The only risk is if you ever disable TLS 1.2 or remove cipher suites that your .NET 4.8 apps need—.NET 4.8 does not support TLS 1.3, so it will fail if 1.2 isn’t available.

    Known risks & tips

    • .NET 4.8 won’t negotiate TLS 1.3. If you ever turn off TLS 1.2 at the OS level, your legacy apps will break.
    • Review your cipher-suite ordering to ensure a strong TLS 1.2 suite is offered to older clients.
    • Consider moving legacy apps to the newer Microsoft.Data.SqlClient when you can—it supports TDS 8.0/strict encryption and TLS 1.3.

    Hope this helps get your migration moving smoothly!

    Reference list

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.