Microsoft has pushed the first public Release Candidate (RC0) of SQL Server 2025 into preview with two headline changes that matter to every Windows-centric IT team experimenting with Linux-first development: official Ubuntu 24.04 support for dev/test scenarios and TLS 1.3 enabled by default, with container-ready artifacts and quickstart guidance to make testing painless.
Microsoft’s SQL Server on Linux initiative has steadily broadened platform support and hardened security since the first Linux release. The SQL Server 2025 RC0 preview represents the next step in that evolution by aligning with the newest Ubuntu LTS and with modern transport security standards. For organizations that balance Windows server infrastructure with Linux-based developer tooling, this preview reduces friction for developing and validating Linux-hosted SQL Server scenarios while also bringing default secure-by-design behavior to connections.
Microsoft’s official guidance frames the RC0 offering as a dev/test convenience: the release ships as an Enterprise Evaluation Edition valid for 180 days, intended for experimentation and validation rather than immediate migration of production workloads. The company explicitly recommends continuing to run mission-critical systems on SQL Server 2022 on supported Linux platforms such as Ubuntu 22.04 or RHEL 9 until broader certification and GA-level support arrive. (techcommunity.microsoft.com, neowin.net)
TCP handshake → TLS handshake → TDS prelogin (encrypted) → Authentication (encrypted) → Data exchange (encrypted)
This order reduces the attack surface during initial negotiation and enforces encryption semantics from the start of the connection.
Example (as shown in the official quickstart):
At the same time, the preview is deliberately scoped for dev/test and carries attendant caveats: production workloads should remain on certified, supported builds (such as SQL Server 2022 on Ubuntu 22.04) until Microsoft issues GA certifications and ecosystem vendors confirm support. The TLS 1.3 shift is a robust security win, but driver, client, and monitoring compatibility must be validated to avoid unexpected disruptions.
For Windows-first teams that want to embrace Linux-hosted databases without committing production resources, this RC0 makes sensible exploration straightforward. For operations and compliance teams, the prudent route is a staged validation program that combines containerized testing, driver compatibility checks, and an explicit rollback plan until GA and certification follow. (techcommunity.microsoft.com, neowin.net)
The SQL Server 2025 preview signals a forward-looking platform posture—closer integration with modern Linux LTS releases and a decisive move to secure-by-default transports. The next steps for teams are practical: test broadly, measure carefully, and wait for certification before rewriting production runbooks.
Source: Windows Report Microsoft Previews SQL Server 2025 with Ubuntu 24.04 and TLS 1.3
Background
Microsoft’s SQL Server on Linux initiative has steadily broadened platform support and hardened security since the first Linux release. The SQL Server 2025 RC0 preview represents the next step in that evolution by aligning with the newest Ubuntu LTS and with modern transport security standards. For organizations that balance Windows server infrastructure with Linux-based developer tooling, this preview reduces friction for developing and validating Linux-hosted SQL Server scenarios while also bringing default secure-by-design behavior to connections. Microsoft’s official guidance frames the RC0 offering as a dev/test convenience: the release ships as an Enterprise Evaluation Edition valid for 180 days, intended for experimentation and validation rather than immediate migration of production workloads. The company explicitly recommends continuing to run mission-critical systems on SQL Server 2022 on supported Linux platforms such as Ubuntu 22.04 or RHEL 9 until broader certification and GA-level support arrive. (techcommunity.microsoft.com, neowin.net)
What’s new, at a glance
- Ubuntu 24.04 support for SQL Server 2025 RC0 in dev/test scenarios, with a 180-day Enterprise Evaluation image available.
- TLS 1.3 enabled by default, paired with TDS 8.0 changes that shift the connection sequence to enforce encryption earlier in the handshake.
- Container images and quickstarts for rapid local testing (including guidance for WSL2 + Docker Desktop).
- Continued production recommendation: remain on SQL Server 2022 for critical workloads until Ubuntu 24.04 certification and full GA stability are confirmed. (techcommunity.microsoft.com, neowin.net)
Ubuntu 24.04: why this matters
A new LTS in the ecosystem
Ubuntu 24.04 is the latest Long-Term Support release from Canonical and will be the platform of choice for many cloud and developer desktops over the coming years. Native support for a new LTS matters to enterprises that standardize images across development, CI, and production platforms. By providing an evaluation channel for Ubuntu 24.04, Microsoft shortens the feedback loop between Linux-based environments and SQL Server engineering teams.Dev/test vs production: clear boundaries
The preview’s Enterprise Evaluation license is explicitly time-limited (180 days). Microsoft’s documentation makes the distinction clear: the RC0 image is suitable for development and testing but not recommended for production. For organizations that manage compliance and SLAs, this is an important guardrail—testing on 24.04 is now feasible, but migration requires certification and verified operational stability.What administrators should check when validating Ubuntu 24.04
When testing SQL Server 2025 on Ubuntu 24.04, teams should validate:- Kernel compatibility and host kernel version for container hosts.
- Docker/OCI runtime compatibility and storage drivers used in test environments.
- Backup and restore flows between Ubuntu 22.04 production images and Ubuntu 24.04 test images.
- Performance baselines—IO, memory use, and CPU profiles—compared to SQL Server 2022 instances.
- Integration with monitoring, observability, and security tooling (e.g., audit logs, agent-based monitoring).
TLS 1.3 by default: the technical impact
What changed in the connection model
SQL Server 2025 introduces broader adoption of TDS 8.0 and enables TLS 1.3 out of the box for RC0. The combined effect is a security posture shift: the prelogin and authentication phases can now be encrypted earlier, and TLS 1.3’s streamlined handshake reduces latency and removes legacy cryptographic constructs. The new connection sequence shifts to:TCP handshake → TLS handshake → TDS prelogin (encrypted) → Authentication (encrypted) → Data exchange (encrypted)
This order reduces the attack surface during initial negotiation and enforces encryption semantics from the start of the connection.
Benefits of TLS 1.3 default enablement
- Faster handshakes through reduced round-trips versus legacy TLS versions, producing measurable improvements in connection latency for high-churn workloads.
- Stronger, modern ciphers and removal of deprecated algorithms—reducing risk from protocol-level weaknesses.
- Compliance alignment with up-to-date security standards favored by regulated industries and security frameworks.
Caveats and compatibility considerations
Although TLS 1.3 is a best-practice move, some legacy clients, drivers, or middleboxes may not fully support TLS 1.3 or TDS 8.0 semantics. Organizations should:- Test client drivers (.NET, JDBC, ODBC) used by applications to confirm TLS 1.3 negotiation and cipher compatibility.
- Validate any connection-proxying devices or appliances (e.g., load balancers, TLS terminators, middleboxes) for TLS 1.3 support.
- Evaluate telemetry and observability tools for visibility into TLS 1.3 sessions (some older tools have limited visibility into TLS 1.3 internals).
Container-first testing made simple
Quickstart and Docker image
Microsoft published an MCR container image for the RC0 preview—developers can pull the tagged artifact and run it with a couple of Docker commands. The published snippet demonstrates how to pull and run the image for local dev/test scenarios, including WSL2 integration on Windows developer machines. This makes it trivial to validate SQL Server 2025 behavior without changing host OS installations.Example (as shown in the official quickstart):
- docker pull mcr.microsoft.com/mssql/server:2025-RC0-ubuntu-24.04
- docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=<password>" -e "MSSQL_AGENT_ENABLED=true" -p 14333:1433 --name sql2025preview -d mcr.microsoft.com/mssql/server:2025-RC0-ubuntu-24.04
WSL2 as a dev platform
Running the preview inside WSL2 + Docker Desktop provides Windows developers the convenience of Linux-native images without separate Linux hosts. Microsoft’s demos show connecting from SQL Server Management Studio (SSMS) on Windows to the containerized instance running in WSL2, with the ERRORLOG used to confirm the SQL Server version and runtime environment. This lowers the barrier for Windows-first teams to validate Linux deployment behaviors.Broader SQL Server 2025 feature context
SQL Server 2025 is shaping up to be a platform-focused release with multiple advances beyond OS support and transport security. Announcements and reporting on preview releases highlight features such as:- AI-integrated database capabilities (vector embeddings and native support in drivers), intended to accelerate AI workloads that require high-throughput embedding storage and retrieval. (neowin.net, techcommunity.microsoft.com)
- Performance improvements in drivers (claims of significantly faster reads, writes, and bulk copy operations for certain scenarios in the preview testing). These claims should be validated against real workloads—synthetic benchmarks and microbenchmarks can exaggerate gains versus complex production schemas.
- Encryption enhancements such as OAEP-256 support for RSA-based encryption conditioned on database compatibility level, presenting stronger key protection options for workloads requiring higher cryptographic assurances.
Migration and upgrade considerations
Risk matrix for moving from 2022 to 2025 (preview → GA)
- Compatibility risk: Database compatibility levels, T-SQL behavior changes, and new encryption defaults can impact applications that assume prior behaviors.
- Operational maturity: Full support for Availability Groups, Failover Clusters, and other HA features may lag initial previews and need verification.
- Driver and client compatibility: Driver versions must support TDS 8.0 and TLS 1.3; older drivers may require updates or configuration changes.
- Third-party ecosystem: Backup vendors, monitoring tools, and security appliances must be tested for compatibility with the new transport and cryptographic defaults.
- Certification and support: Production migration should wait for Microsoft’s certification of Ubuntu 24.04 and clear GA timelines.
Practical upgrade path (recommended)
- Keep production on SQL Server 2022 or another fully supported configuration until certification is confirmed.
- Establish a parallel test farm running SQL Server 2025 RC0 on Ubuntu 24.04 to validate application behavior, driver compatibility, and operational workflows.
- Use containerized deployments and WSL2 for developer validation and performance baselines to model expected production behavior.
- Maintain a rollback plan that includes data restore tests from backups taken from the 2025 test environment to the production 2022 environment to verify backward compatibility.
- Monitor Microsoft’s release notes and community feedback channels for bug reports, hotfixes, and certification announcements. (techcommunity.microsoft.com, neowin.net)
Security analysis: gains and potential blind spots
Strengths
- Default TLS 1.3 dramatically reduces the likelihood of weak-cipher negotiation and improves resilience against a variety of network-layer attacks. This is a major step forward for “secure by default” posture.
- TDS 8.0 encryption enforcement for the prelogin and authentication phases means sensitive negotiation data is no longer transmitted in cleartext or under weaker protection.
- Modernized cryptographic defaults (e.g., OAEP-256) give teams stronger primitives for encrypting data-at-rest keys and certificates.
Risks and operational considerations
- Compatibility gaps with legacy clients are the most immediate operational risk. If internal applications use older drivers or embedded connection libraries that cannot negotiate TLS 1.3 or TDS 8.0, connection failures or degraded fallbacks may occur.
- Visibility limitations: Some monitoring tools that inspect TLS handshakes or terminate TLS for inspection may not yet fully support TLS 1.3 semantics. Observability and traffic analysis workflows must be validated.
- Misconfiguration risk: Administrators unfamiliar with TLS 1.3 or new cipher defaults may inadvertently weaken security by misconfiguring custom cipher suites or fallback behaviors. Proper governance and configuration templates are recommended.
- Certification lag: Until Ubuntu 24.04 and SQL Server 2025 reach GA-level certifications, organizations reliant on compliance certifications should avoid production migration.
Quickstart: recommended test plan (developer-friendly)
- Prepare a Windows dev box with WSL2 and Ubuntu 24.04 installed, or a Linux VM running Ubuntu 24.04.
- Pull the RC0 container image:
- docker pull mcr.microsoft.com/mssql/server:2025-RC0-ubuntu-24.04.
- Launch the container with a secure SA password and appropriate port mapping.
- Connect with SSMS, sqlcmd, or your application driver and inspect ERRORLOG to validate version and runtime environment.
- Validate TLS 1.3 negotiation by:
- Forcing client connection logs to show TLS version, or
- Using packet capture tools that can identify TLS version or using server-side logs that show negotiated TLS versions.
- Run schema compatibility tests, stored procedure execution, and performance microbenchmarks that reflect production workloads.
- Test backups and restores between the test instance and a production-like SQL Server 2022 instance to verify portability.
- Iterate on driver updates and connection strings if any compatibility or negotiation issues appear.
Community feedback and real-world early reports
The early public discussion shows both excitement and cautious testing. Outlets and community threads report that while many developers can run the RC0 container successfully on WSL2, there are also kernel and runtime edge cases reported in broader container forums that administrators should watch. These community conversations will be important to monitor as more users validate networking, kernel interactions, and storage semantics on Ubuntu 24.04 hosts. (forums.docker.com, neowin.net)Recommendations for IT teams and DBAs
- Use RC0 to validate application behavior, driver compatibility, and operational runbooks in a controlled dev/test environment.
- Delay production migrations until Microsoft formally certifies Ubuntu 24.04 and until high-availability and backup vendors confirm support for SQL Server 2025 GA. (techcommunity.microsoft.com, neowin.net)
- Prioritize driver upgrades and test TLS 1.3 negotiation paths for all application stacks—this is the single biggest compatibility area to validate.
- Integrate TLS 1.3 observability checks into your monitoring and incident playbooks to ensure you can detect connection-level anomalies post-migration.
- Leverage containers and WSL2 for rapid iteration—script your tests to make results reproducible across teams.
Final assessment
SQL Server 2025 RC0’s support for Ubuntu 24.04 and TLS 1.3 enabled by default are meaningful steps that bring modern platform alignment and stronger transport security to the SQL Server ecosystem. For developers and organizations building Linux-first or hybrid systems, the preview lowers the barrier to testing and validation, particularly thanks to container images and WSL2 guidance.At the same time, the preview is deliberately scoped for dev/test and carries attendant caveats: production workloads should remain on certified, supported builds (such as SQL Server 2022 on Ubuntu 22.04) until Microsoft issues GA certifications and ecosystem vendors confirm support. The TLS 1.3 shift is a robust security win, but driver, client, and monitoring compatibility must be validated to avoid unexpected disruptions.
For Windows-first teams that want to embrace Linux-hosted databases without committing production resources, this RC0 makes sensible exploration straightforward. For operations and compliance teams, the prudent route is a staged validation program that combines containerized testing, driver compatibility checks, and an explicit rollback plan until GA and certification follow. (techcommunity.microsoft.com, neowin.net)
The SQL Server 2025 preview signals a forward-looking platform posture—closer integration with modern Linux LTS releases and a decisive move to secure-by-default transports. The next steps for teams are practical: test broadly, measure carefully, and wait for certification before rewriting production runbooks.
Source: Windows Report Microsoft Previews SQL Server 2025 with Ubuntu 24.04 and TLS 1.3