The TLS /SSL options at http://mongodb.github.io/node-mongodb-native/3.2/tutorials/connect/ssl/#tls-ssl-options document sslValidate as having a default value of true. Per https://jira.mongodb.org/browse/NODE-1156 - the option is actually false by default since the NODE-1156 bug has not been fixed.

Having a misleading value of true in the documentation means that developers can easily end up using the client without having TLS certificate validation enabled which opens the application to man-in-the-middle attacks.

Ideally NODE-1156 would be fixed so that sslValidate is actually enabled by default, however if that is not possible then at least the documentation should be updated.