Merge branch 'main' into 1711-upgrade-node

docs/private-networks/concepts/node-sync-private.md

@@ -24,9 +24,9 @@ Select the sync mode based on your network's requirements and node purposes.
 
 | Sync mode                                                                            | Description                                                                                                                                                                         | Requirements | Limitations |
 |--------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|-------------|
-| [Snap](../../public-networks/concepts/node-sync.md#snap-synchronization)             | Recommended for fastest sync and lowest storage requirements on Mainnet. Downloads as many leaves of the trie as possible and reconstructs the trie locally. Faster than fast sync. | Available as an _early access feature_ in Besu version 24.7.1 or later | Cannot switch from fast sync to snap sync mid-process. |
+| [Snap](../../public-networks/concepts/node-sync.md#snap-synchronization)             | Recommended for fastest sync and lowest storage requirements on Mainnet. Downloads as many leaves of the trie as possible and reconstructs the trie locally. Faster than fast sync. | Besu version 24.3.0 or later | Cannot switch from fast sync to snap sync mid-process. |
 | [Checkpoint](../../public-networks/concepts/node-sync.md#checkpoint-synchronization) | Syncs from a specific checkpoint block configured in the genesis file. Fastest sync mode with lowest storage requirements.                                                          | Besu version 22.4.3 or later | Not supported for QBFT or IBFT 2.0 networks without a checkpoint configuration. |
-| [Fast](../../public-networks/concepts/node-sync.md#fast-synchronization)             | Downloads block headers and transaction receipts, verifies chain from genesis block.                                                                                                | None | Not supported with private transactions. |
+| [Fast](../../public-networks/concepts/node-sync.md#fast-synchronization-deprecated)             | Downloads block headers and transaction receipts, verifies chain from genesis block.                                                                                                | None | Deprecated. Not supported with private transactions. |
 | [Full](../../public-networks/concepts/node-sync.md#full-synchronization)             | Default for all private networks. Downloads and verifies the entire blockchain and state from genesis block, building an archive node with full state history.                      | None | Slowest sync mode, requires the most disk space. |
 
 :::warning Early access feature 

docs/private-networks/concepts/permissioning/index.md

@@ -48,7 +48,13 @@ Local permissioning affects your node but not the rest of the network. Use local
 
 Local permissioning does not require coordination with the rest of the network and you can act immediately to protect your node. Your rules are not enforced in blocks produced by other nodes.
 
-### Onchain
+### Onchain (Deprecated)
+
+:::caution
+
+Onchain permissioning is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 [Onchain permissioning](onchain.md) works through a smart contract on the network. Specifying permissioning onchain enables all nodes to read and update permissioning configuration from one location.
 

docs/private-networks/concepts/permissioning/onchain.md

@@ -6,7 +6,13 @@ tags:
   - private networks
 ---
 
-# Onchain permissioning
+# Onchain permissioning (Deprecated)
+
+:::caution
+
+Onchain permissioning is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 Onchain [permissioning](index.md) uses smart contracts to store and administer the node, account, and admin allowlists. Using onchain permissioning enables all nodes to read the allowlists from a single source, the blockchain.
 
@@ -42,7 +48,7 @@ Permissioning implements three allowlists:
 
 Account permissioning is incompatible with [random key signing](../../how-to/use-privacy/sign-pmts.md) for [privacy marker transactions](../privacy/private-transactions/processing.md).
 
-If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist.
+If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist.
 
 :::
 

docs/private-networks/concepts/privacy/flexible-privacy.md

@@ -4,7 +4,13 @@ sidebar_position: 3
 description: Flexible privacy groups
 ---
 
-# Flexible privacy groups
+# Flexible privacy groups (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 Flexible [privacy groups](privacy-groups.md) use smart contracts to store and maintain the group membership. You can [add and remove members to and from flexible privacy groups](../../how-to/use-privacy/flexible.md).
 

docs/private-networks/concepts/privacy/index.md

@@ -4,7 +4,13 @@ sidebar_position: 1
 description: Privacy
 ---
 
-# Privacy
+# Privacy (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 In Besu, privacy refers to the ability to keep transactions private between the involved participants. Other participants cannot access the transaction content or list of participants.
 

docs/private-networks/concepts/privacy/multi-tenancy.md

@@ -4,7 +4,13 @@ sidebar_position: 4
 description: Multi-tenancy
 ---
 
-# Multi-tenancy
+# Multi-tenancy (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 By default, each participant in a privacy network uses its own Besu and Tessera node.
 

docs/private-networks/concepts/privacy/plugin.md

@@ -4,7 +4,13 @@ description: Privacy plugin
 sidebar_position: 5
 ---
 
-# Privacy plugin
+# Privacy plugin (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 You can define your own strategy for private transactions by building a plugin that extends Besu functionality.
 

docs/private-networks/concepts/privacy/privacy-groups.md

@@ -4,7 +4,13 @@ sidebar_position: 2
 description: Privacy groups
 ---
 
-# Privacy groups
+# Privacy groups (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 A privacy group is a group of nodes identified by a unique privacy group ID by Tessera. Tessera stores each private transaction with the privacy group ID.
 

docs/private-networks/concepts/privacy/private-transactions/index.md

@@ -2,7 +2,13 @@
 description: Private transaction overview
 ---
 
-# Private transactions
+# Private transactions (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 Private transactions have the same parameters as public Ethereum transactions, with the following additions:
 
@@ -66,7 +72,7 @@ The following private transaction flow illustrates when nonce validation occurs:
 
 1. Submit a private transaction with a [nonce value](#private-transaction-nonce).
 1. The private transaction is distributed to all participants in the privacy group.
-1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts. If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file), the public nonce for that account is obtained and used for the PMT.
+1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts. If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated), the public nonce for that account is obtained and used for the PMT.
 1. The PMT is mined and included in the block.
 1. After the block containing the PMT is imported, and the PMT is processed, the private transaction is retrieved from the private transaction manager and executed.
 

docs/private-networks/concepts/privacy/private-transactions/processing.md

@@ -4,7 +4,13 @@ sidebar_position: 1
 description: Private transaction processing
 ---
 
-# Private transaction processing
+# Private transaction processing (Deprecated)
+
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
 
 Processing [private transactions](index.md) involves the following:
 

docs/private-networks/get-started/start-node.md

@@ -107,7 +107,7 @@ You might need to set [`--tx-pool-limit-by-account-percentage`](../../public-net
 
 :::note Sync nodes for BFT
 
-If you're running a node on a [QBFT](../how-to/configure/consensus/qbft.md) or [IBFT 2.0](../how-to/configure/consensus/ibft.md) network, your node must use [fast sync](../../public-networks/concepts/node-sync.md#fast-synchronization) or [full sync](../../public-networks/concepts/node-sync.md#full-synchronization). 
+If you're running a node on a [QBFT](../how-to/configure/consensus/qbft.md) or [IBFT 2.0](../how-to/configure/consensus/ibft.md) network, your node must use [fast sync](../../public-networks/concepts/node-sync.md#fast-synchronization-deprecated) or [full sync](../../public-networks/concepts/node-sync.md#full-synchronization). 
 
 Full sync is set by default.
 

docs/private-networks/how-to/configure/bootnodes.md

@@ -18,6 +18,9 @@ In production networks, [configure two or more nodes as bootnodes](#configure-bo
 
 Bootnodes and static nodes are parallel methods for finding peers. Depending on your use case, you can use only bootnodes, only static nodes, or both bootnodes and static nodes.
 
+When connecting to bootnodes, Besu attempts to connect to all bootnodes at once, at startup.
+When connecting to static nodes, Besu attempts to reconnect periodically, if the connection fails or is lost.
+
 To find peers, configure one or more bootnodes. To configure a specific set of peer connections, use [static nodes](../../../public-networks/how-to/connect/static-nodes.md).
 
 :::

docs/private-networks/how-to/configure/tls/client-and-server.md

@@ -9,6 +9,18 @@ tags:
 
 Besu supports TLS for client and server communication. For example, you can configure TLS for communication between [Web3Signer](https://docs.web3signer.consensys.net/concepts/tls) and Besu, and Besu and [Tessera](https://docs.tessera.consensys.net/HowTo/Configure/TLS/).
 
+The following instructions allow you to configure client and server authentication to secure HTTP JSON-RPC
+calls.
+
+:::info Secure Websocket JSON-RPC calls
+
+You can configure SSL/TLS authentication for WebSocket calls by enabling
+[`--rpc-ws-ssl-enabled`](../../../../public-networks/reference/cli/options.md#rpc-ws-ssl-enabled) for
+server authentication, and
+[`--rpc-ws-ssl-client-auth-enabled`](../../../../public-networks/reference/cli/options.md#rpc-ws-ssl-client-auth-enabled) for client authentication.
+
+:::
+
 The following diagram displays an example client and server TLS configuration.
 
 ![Besu client and server TLS](../../../../assets/images/Besu_TLS.png)
@@ -108,10 +120,10 @@ besu --privacy-tls-enabled --privacy-tls-keystore-file=/Users/me/my_node/keystor
 
 The command line:
 
-- Enables TLS with the server using the [`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled) option.
-- Specifies the keystore using the [`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file) option.
-- Specifies the file that contains the password to decrypt the keystore using the [`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file) option.
-- Specifies the trusted servers using the [`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file) option.
+- Enables TLS with the server using the [`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled-deprecated) option.
+- Specifies the keystore using the [`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file-deprecated) option.
+- Specifies the file that contains the password to decrypt the keystore using the [`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file-deprecated) option.
+- Specifies the trusted servers using the [`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file-deprecated) option.
 
 <!-- Links -->