Change occurrences of --sslWeakCertificateValidation to --sslAllowConnectionsWithoutCertificates. Also, net.ssl.allowConnectionsWithoutCertificates is being added as a config option. Both of these also need to make it into compatibility changes.
Finally, net.ssl.mode has a very vague description - this option only applies to inter-instance communication as opposed to client connections. This is not mentioned in the actual documentation as of now and should be corrected and backported to 2.6