The new sslMode feature allows many more combinations of connection types between members of a mongodb cluster, which also means there are many more ways to set up an cluster incorrectly. As an example:

If one sets up a replica set where each node is a different sslMode, some pretty weird behavior occurs. A set using require, preferSSL, and allowSSL can end up in a position where the"require" primary thinks the "allowSSL" secondary is up and properly replicating, but the "allowSSL" secondary thinks the primary is down. If we look at the log file it is clear that something is going horribly wrong, but from a mongo client perspective, things look okay, and will be okay until the primary goes down temporarily, in which case things could go haywire.

It would be nice if we could recognize asymmetric cluster setups like these and alert the user / fail accordingly.