@@ -82,19 +82,25 @@ Each supported scheme maps to a particular :class:`neo4j.Driver` subclass that i
8282+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
8383| URI Scheme | Driver Object and Setting |
8484+========================+=======================================================================================================================================+
85- | bolt | :ref: `bolt-driver-ref ` with no encryption. |
85+ | bolt | :ref: `bolt-driver-ref ` with no encryption or with custom encryption configuration, see :ref: ` driver-configuration-ref `. |
8686+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
8787| bolt+ssc | :ref: `bolt-driver-ref ` with encryption (accepts self signed certificates). |
8888+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
8989| bolt+s | :ref: `bolt-driver-ref ` with encryption (accepts only certificates signed by a certificate authority), full certificate checks. |
9090+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
91- | neo4j | :ref: `neo4j-driver-ref ` with no encryption. |
91+ | neo4j | :ref: `neo4j-driver-ref ` with no encryption or with custom encryption configuration, see :ref: ` driver-configuration-ref `. |
9292+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
9393| neo4j+ssc | :ref: `neo4j-driver-ref ` with encryption (accepts self signed certificates). |
9494+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
9595| neo4j+s | :ref: `neo4j-driver-ref ` with encryption (accepts only certificates signed by a certificate authority), full certificate checks. |
9696+------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
9797
98+
99+ .. note ::
100+
101+ See also :ref: `encryption-config-note-ref ` to understand how the URI scheme relates to other encryption configuration options.
102+
103+
98104.. note ::
99105
100106 See https://neo4j.com/docs/operations-manual/current/configuration/ports/ for Neo4j ports.
@@ -408,9 +414,12 @@ Additional configuration can be provided via the :class:`neo4j.Driver` construct
408414+ :ref: `user-agent-ref `
409415+ :ref: `driver-notifications-min-severity-ref `
410416+ :ref: `driver-notifications-disabled-categories-ref `
417+ + :ref: `driver-notifications-disabled-classifications-ref `
411418+ :ref: `driver-warn-notification-severity-ref `
412419+ :ref: `telemetry-disabled-ref `
413420
421+ :ref: `encryption-config-note-ref `
422+
414423
415424.. _connection-acquisition-timeout-ref :
416425
@@ -607,6 +616,9 @@ custom ``ssl_context`` is configured.
607616---------------
608617Specify a custom SSL context to use for wrapping connections.
609618
619+ The driver offers other, easier APIs for common encryption configurations (see :ref: `encryption-config-note-ref `).
620+ It's likely that your use-case doesn't actually require this options.
621+
610622This setting is only available for URI schemes ``bolt:// `` and ``neo4j:// `` (:ref: `uri-ref `).
611623
612624If given, ``encrypted ``, ``trusted_certificates ``, and ``client_certificate `` have no effect.
@@ -807,6 +819,23 @@ The driver transmits the following information:
807819.. versionadded :: 5.13
808820
809821
822+ .. _encryption-config-note-ref :
823+
824+ Note on Encryption Configuration
825+ --------------------------------
826+ There are different *mutually exclusive * ways of configuring TLS/SSL encryption behavior of the driver:
827+
828+ * Use a URI scheme ending in ``+s ``. This auto-configures the driver to use TLS and only trust system CAs.
829+ * Use a URI scheme ending in ``+ssc ``. This auto-configures the driver to use TLS and trust any certificate.
830+ * Use a URI scheme without suffix (i.e. ``neo4j:// `` or ``bolt:// ``) and one of the following mutually exclusive options:
831+
832+ * set :ref: `encrypted-ref ` to ``True `` and optionally configure :ref: `trusted-certificates-ref ` and/or
833+ :ref: `client-certificate-ref ` to enable TLS with custom security settings.
834+ * or set :ref: `ssl-context-ref ` to gain full control (and responsibility) over the TLS configuration.
835+ * or set ``encrypted=False `` (default) to disable TLS.
836+
837+
838+
810839Driver Object Lifetime
811840======================
812841
0 commit comments