Comment 4 for bug 1328720

Kurt Griffiths (kgriffs) wrote :

I think it is important to expose these options from pymongo to improve SSL security:

ssl_cert_reqs - If not specified in pymongo client, defaults to "ssl.CERT_NONE" which is really insecure. We should default to ssl.CERT_REQUIRED if ssl=True, but I suppose allow it to be overridden for development environments.

ssl_ca_certs - Restrict to a specific CA so that a valid cert can't be substituted from a different CA that is out of your organization's control.

ssl_certfile, ssl_keyfile - Enables authentication of the client, not just the server.
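
The defaults proposed in the comment above, as an added example that is not part of the original comment or the project's code: a helper that turns a config dict into the pymongo keyword options the comment names, defaulting to `ssl.CERT_REQUIRED` when `ssl=True`. The function name `build_ssl_kwargs`, the string spellings of the config values, and the choice to reject SSL options when `ssl` is off are assumptions of this sketch.

```python
import ssl
import warnings

# Assumed config spellings mapped to the stdlib constants the comment refers to.
_CERT_REQS = {
    "CERT_NONE": ssl.CERT_NONE,
    "CERT_OPTIONAL": ssl.CERT_OPTIONAL,
    "CERT_REQUIRED": ssl.CERT_REQUIRED,
}
_SSL_OPTS = ("ssl_cert_reqs", "ssl_ca_certs", "ssl_certfile", "ssl_keyfile")


def build_ssl_kwargs(conf):
    """Return keyword arguments for the pymongo client from a config dict."""
    if not conf.get("ssl", False):
        # Fail loudly instead of silently ignoring a CA or client cert.
        stray = [k for k in _SSL_OPTS if conf.get(k)]
        if stray:
            raise ValueError("ssl is off but %s is set" % ", ".join(stray))
        return {}

    # Secure default: verify the server certificate unless overridden.
    name = conf.get("ssl_cert_reqs") or "CERT_REQUIRED"
    if name not in _CERT_REQS:
        raise ValueError("unknown ssl_cert_reqs value: %r" % name)
    if name == "CERT_NONE":
        warnings.warn("server certificate is not verified; development only")
    kwargs = {"ssl": True, "ssl_cert_reqs": _CERT_REQS[name]}

    # Restrict trust to the organization's own CA bundle when one is given.
    if conf.get("ssl_ca_certs"):
        kwargs["ssl_ca_certs"] = conf["ssl_ca_certs"]

    # Client authentication: a key file is meaningless without a certificate.
    certfile, keyfile = conf.get("ssl_certfile"), conf.get("ssl_keyfile")
    if keyfile and not certfile:
        raise ValueError("ssl_keyfile requires ssl_certfile")
    if certfile:
        kwargs["ssl_certfile"] = certfile
    if keyfile:
        kwargs["ssl_keyfile"] = keyfile
    return kwargs
```
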