I think it is important to expose these options from pymongo to improve SSL security:
ssl_cert_reqs - If not specified in pymongo client, defaults to "ssl.CERT_NONE" which is really insecure. We should default to ssl.CERT_REQUIRED if ssl=True, but I suppose allow it to be overridden for development environments.
ssl_ca_certs - Restrict to a specific CA so that valid cert can't be subsituted from a different CA that is out of your organization's control
ssl_certfile, ssl_keyfile - Enables authentication of the client, not just the server.
I think it is important to expose these options from pymongo to improve SSL security:
ssl_cert_reqs - If not specified in pymongo client, defaults to "ssl.CERT_NONE" which is really insecure. We should default to ssl.CERT_REQUIRED if ssl=True, but I suppose allow it to be overridden for development environments.
ssl_ca_certs - Restrict to a specific CA so that valid cert can't be subsituted from a different CA that is out of your organization's control
ssl_certfile, ssl_keyfile - Enables authentication of the client, not just the server.