neo4j · stefano-ottolenghi · Oct 21, 2022 · Oct 17, 2022 · Oct 20, 2022 · Oct 20, 2022
diff --git a/common-content/modules/ROOT/partials/client-applications.adoc b/common-content/modules/ROOT/partials/client-applications.adoc
@@ -114,17 +114,7 @@ A connection URI identifies a graph database and how to connect to it.
 
 The *_encryption_* and *_trust_* settings provide detail to how that connection should be secured.
 
-[CAUTION]
-====
-*There are significant changes to security settings between Neo4j 3.x and Neo4j 4.x*
-
-Please consider the information in this section before upgrading from a previous version.
-
-The https://neo4j.com/docs/migration-guide/current/[Migration Guide] is also a good source of information about changes in functionality.
-====
-
 Starting with *Neo4j 4.0*, client-server communication uses only *_unencrypted local connections by default_*.
-
 This is a change from previous versions, which switched on encryption by default, but generated a self-signed certificate out of the box.
 
 When a full certificate is installed, and encryption is enabled on the driver, full certificate checks are carried out (refer to link:/docs/operations-manual/5.0/security/ssl-framework[Operations Manual -> SSL framework]).
@@ -141,23 +131,6 @@ To connect to *Neo4j Aura*, driver users must *_enable encryption_* and the comp
 For more information, see xref:client-applications.adoc#driver-configuration-examples[Examples] below.
 ====
 
-# tag::default-security-changes[]
-
-.Changes in default security settings between 3.x and 4.x
-[options="header"]
-|===
-| Setting | Neo4j 4.x | Neo4j 3.x (Drivers 1.x)
-| Bundled certificate | none | auto-generated, self-signed
-| Driver encryption   | off  | on
-| Bolt interface      | localhost |localhost
-| Certificate expiry check  | on  |on
-| Certificate CA check  | on  | off
-| Certificate hostname check  | on  | off
-|===
-
-# end::default-security-changes[]
-
-
 [[initial-address-resolution]]
 === Initial address resolution
 
@@ -1312,7 +1285,7 @@ Specify a custom server address resolver used by the routing driver to resolve t
 
 Specify whether to use an encrypted connection between the driver and server.
 +
-*Default:* None
+*Default:* False
 
 # end::configuration-Encryption[]
 
@@ -1486,19 +1459,14 @@ include::{python-examples}/test_config_max_retry_time_example.py[tags=config-max
 
 # tag::configuration-TrustStrategy[]
 
-`TrustStrategy`::
+`TrustedCertificates`::
 
-Specify how to determine the authenticity of encryption certificates provided by the Neo4j instance that you are connecting to.
-There are three choices as to which strategy to use:
-
-* `TRUST_SYSTEM_CA_SIGNED_CERTIFICATES` - Accept any certificate that can be verified against the system store.
-
-* `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` - Accept any certificate that can be verified against a custom CA.
-
-* `TRUST_ALL_CERTIFICATES` - Accept any certificate provided by the server, regardless of CA chain. *We do not recommend using this setting for production environments.*
+Specify how to determine the authenticity of encryption certificates provided by the Neo4j instance that you are connecting to. 
+If encryption is disabled, this option has no effect.
 
 +
-*Default:* `TRUST_SYSTEM_CA_SIGNED_CERTIFICATES` (Note - only when encryption is enabled)
+
+Possible values are:
 
 # end::configuration-TrustStrategy[]
 

diff --git a/common-content/modules/ROOT/partials/session-api.adoc b/common-content/modules/ROOT/partials/session-api.adoc
@@ -98,8 +98,11 @@ To that end, transaction functions can return values but these should be derived
 *_When a transaction fails, the driver retry logic is invoked_*.
 For several failure cases, the transaction can be immediately retried against a different server.
 These cases include connection issues, server role changes (e.g. leadership elections) and transient errors.
+
 ====
 
+
+
 # end::simple-transaction-fn[]
 
 [.tabbed-example]

diff --git a/dotnet-manual/modules/ROOT/pages/client-applications.adoc b/dotnet-manual/modules/ROOT/pages/client-applications.adoc
@@ -102,11 +102,11 @@ include::{common-partial}/client-applications.adoc[tag=examples-pt2]
 .Connecting to a service
 The tables below illustrate examples of how to connect to a service with routing:
 
-.Neo4j Aura, secured with full certificate
+.Neo4j Aura or Neo4j >= 4.x, secured with full certificate
 [cols="<15s,<85a"]
 |===
 | Product
-| Neo4j Aura
+| Neo4j Aura, Neo4j >= 4.x
 
 | Security
 | Secured with full certificate
@@ -118,24 +118,15 @@ The tables below illustrate examples of how to connect to a service with routing
 GraphDatabase.Driver("neo4j+s://graph.example.com:7687", auth)
 ----
 
-If you do not have at least the .NET Driver 4.0.1 patch installed, you will need this snippet instead:
-
-[source, csharp, indent=0]
-----
-String uri = "neo4j://graph.example.com:7687";
-IDriver driver = GraphDatabase.Driver(uri, auth,
-           o => o.WithEncryptionLevel(EncryptionLevel.Encrypted));
-----
-
 | Comments
 | This is the default (and only option) for Neo4j Aura.
 |===
 
-.Neo4j 4.x, unsecured
+.Neo4j >= 4.x, unsecured
 [cols="<15s,<85a"]
 |===
 | Product
-| Neo4j 4.x
+| Neo4j >= 4.x
 
 | Security
 | Unsecured
@@ -148,40 +139,14 @@ GraphDatabase.Driver("neo4j://graph.example.com:7687", auth);
 ----
 
 | Comments
-| This is the default for Neo4j 4.x series
+| This is the default for Neo4j >= 4.x series
 |===
 
-.Neo4j 4.x, secured with full certificate
+.Neo4j >= 4.x, secured with self-signed certificate
 [cols="<15s,<85a"]
 |===
 | Product
-| Neo4j 4.x
-
-| Security
-| Secured with full certificate
-
-| Code snippet
-|
-[source, csharp, indent=0]
-----
-GraphDatabase.Driver("neo4j+s://graph.example.com:7687", auth)
-----
-
-If you do not have at least the .NET Driver 4.0.1 patch installed, you will need this snippet instead:
-
-[source, csharp, indent=0]
-----
-String uri = "neo4j://graph.example.com:7687";
-IDriver driver = GraphDatabase.Driver(uri, auth,
-           o => o.WithEncryptionLevel(EncryptionLevel.Encrypted));
-----
-|===
-
-.Neo4j 4.x, secured with self-signed certificate
-[cols="<15s,<85a"]
-|===
-| Product
-| Neo4j 4.x
+| Neo4j >= 4.x
 
 | Security
 | Secured with self-signed certificate
@@ -192,89 +157,6 @@ IDriver driver = GraphDatabase.Driver(uri, auth,
 ----
 GraphDatabase.Driver("neo4j+ssc://graph.example.com:7687", auth)
 ----
-
-If you do not have at least the .NET Driver 4.0.1 patch installed, you will need this snippet instead:
-
-[source, csharp, indent=0]
-----
-String uri = "neo4j://graph.example.com:7687";
-IDriver driver = GraphDatabase.Driver(uri, auth,
-           o => o.WithEncryptionLevel(EncryptionLevel.Encrypted)
-                 .WithTrustManager(TrustManager.CreateInsecure()));
-----
-|===
-
-.Neo4j 3.x, secured with full certificate
-[cols="<15s,<85a"]
-|===
-| Product
-| Neo4j 3.x
-
-| Security
-| Secured with full certificate
-
-| Code snippet
-|
-[source, csharp, indent=0]
-----
-GraphDatabase.Driver("neo4j+s://graph.example.com:7687", auth)
-----
-
-If you do not have at least the .NET Driver 4.0.1 patch installed, you will need this snippet instead:
-
-[source, csharp, indent=0]
-----
-String uri = "neo4j://graph.example.com:7687";
-IDriver driver = GraphDatabase.Driver(uri, auth,
-           o => o.WithEncryptionLevel(EncryptionLevel.Encrypted));
-----
-|===
-
-.Neo4j 3.x, secured with self-signed certificate
-[cols="<15s,<85a"]
-|===
-| Product
-| Neo4j 3.x
-
-| Security
-| Secured with self-signed certificate
-
-| Code snippet
-|
-[source, csharp, indent=0]
-----
-GraphDatabase.Driver("neo4j+ssc://graph.example.com:7687", auth)
-----
-
-If you do not have at least the .NET Driver 4.0.1 patch installed, you will need this snippet instead:
-
-[source, csharp, indent=0]
-----
-String uri = "neo4j://graph.example.com:7687";
-IDriver driver = GraphDatabase.Driver(uri, auth,
-           o => o.WithEncryptionLevel(EncryptionLevel.Encrypted)
-                 .WithTrustManager(TrustManager.CreateInsecure()));
-----
-
-| Comments
-| This is the default for Neo4j 3.x series
-|===
-
-.Neo4j 3.x, unsecured
-[cols="<15s,<85a"]
-|===
-| Product
-| Neo4j 3.x
-
-| Security
-| Unsecured
-
-| Code snippet
-|
-[source, csharp, indent=0]
-----
-GraphDatabase.Driver("neo4j://graph.example.com:7687", auth);
-----
 |===
 
 [NOTE]
@@ -430,6 +312,11 @@ include::{dotnet-examples}/Examples.cs[tags=config-max-retry-time]
 ======
 
 include::{common-partial}/client-applications.adoc[tag=configuration-TrustStrategy]
+
+* `TrustManager.CreateChainTrust()` - *[Default]* Accept any certificate that can be verified against the system store.
+* `TrustManager.CreateCertTrust(new []{"/path/ca1.crt", "/path/ca2.crt"})` - Accept certificates at specified paths.
+* `TrustManager.CreateInsecure()` - Accept any certificate, including self-signed ones. *Not recommended for production environments.*
+
 +
 .Configure trusted certificates
 ======

diff --git a/dotnet-manual/modules/ROOT/pages/cypher-workflow.adoc b/dotnet-manual/modules/ROOT/pages/cypher-workflow.adoc
@@ -129,3 +129,5 @@ Inbound conversion is carried out using http://cldr.unicode.org/development/deve
 == Exceptions and error handling
 
 include::{common-partial}/cypher-workflow.adoc[tag=exceptions-errors]
+
+The exception property `CanBeRetried` gives insights into whether a further attempt might be successful.
diff --git a/dotnet-manual/modules/ROOT/pages/session-api.adoc b/dotnet-manual/modules/ROOT/pages/session-api.adoc
@@ -32,6 +32,9 @@ See xref:session-api.adoc#dotnet-driver-session-configuration[Session configurat
 
 include::{common-partial}/session-api.adoc[tag=simple-transaction-fn]
 
+[CAUTION]
+The methods `ExecuteRead` and `ExecuteWrite` have replaced `ReadTransaction` and `WriteTransaction`, which are deprecated in version 5.x and will be removed in version 6.0.
+
 [source, csharp, indent=0]
 ----
 include::{dotnet-examples}/Examples.cs[tags=transaction-function]
@@ -90,6 +93,9 @@ See xref:session-api.adoc#dotnet-driver-session-configuration[Session configurat
 
 include::{common-partial}/session-api.adoc[tag=async-transaction-fn]
 
+[CAUTION]
+The methods `ExecuteReadAsync` and `ExecuteWriteAsync` have replaced `ReadTransactionAsync` and `WriteTransactionAsync`, which are deprecated in version 5.x and will be removed in version 6.0.
+
 [source, csharp, indent=0]
 ----
 include::{dotnet-examples}/ExamplesAsync.cs[tags=async-transaction-function]
@@ -150,6 +156,9 @@ include::{common-partial}/session-api.adoc[tag=rx-lifecycle]
 
 include::{common-partial}/session-api.adoc[tag=rx-transaction-fn]
 
+[CAUTION]
+The methods `ExecuteRead` and `ExecuteWrite` have replaced `ReadTransaction` and `WriteTransaction`, which are deprecated in version 5.x and will be removed in version 6.0.
+
 [source, csharp, indent=0]
 ----
 include::{dotnet-examples}/ExamplesRx.cs[tags=rx-transaction-function]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -129,3 +129,5 @@ Inbound conversion is carried out using http://cldr.unicode.org/development/deve
		== Exceptions and error handling

		include::{common-partial}/cypher-workflow.adoc[tag=exceptions-errors]

		The exception property `CanBeRetried` gives insights into whether a further attempt might be successful.