diff --git a/src/client-side-encryption/state_machine.ts b/src/client-side-encryption/state_machine.ts
index fd5a393ea84..4356d3f7a53 100644
--- a/src/client-side-encryption/state_machine.ts
+++ b/src/client-side-encryption/state_machine.ts
@@ -68,12 +68,7 @@ const stateToString = new Map([
 const INSECURE_TLS_OPTIONS = [
 'tlsInsecure',
 'tlsAllowInvalidCertificates',
- 'tlsAllowInvalidHostnames',
-
- // These options are disallowed by the spec, so we explicitly filter them out if provided, even
- // though the StateMachine does not declare support for these options.
- 'tlsDisableOCSPEndpointCheck',
- 'tlsDisableCertificateRevocationCheck'
+ 'tlsAllowInvalidHostnames'
 ];
 /**
diff --git a/src/connection_string.ts b/src/connection_string.ts
index a32c1e155f1..89bcaf8bc94 100644
--- a/src/connection_string.ts
+++ b/src/connection_string.ts
@@ -172,11 +172,6 @@ function checkTLSOptions(allOptions: CaseInsensitiveMap): void {
 };
 check('tlsInsecure', 'tlsAllowInvalidCertificates');
 check('tlsInsecure', 'tlsAllowInvalidHostnames');
- check('tlsInsecure', 'tlsDisableCertificateRevocationCheck');
- check('tlsInsecure', 'tlsDisableOCSPEndpointCheck');
- check('tlsAllowInvalidCertificates', 'tlsDisableCertificateRevocationCheck');
- check('tlsAllowInvalidCertificates', 'tlsDisableOCSPEndpointCheck');
- check('tlsDisableCertificateRevocationCheck', 'tlsDisableOCSPEndpointCheck');
 }
 function getBoolean(name: string, value: unknown): boolean {
 if (typeof value === 'boolean') return value;
diff --git a/test/unit/assorted/uri_options.spec.test.ts b/test/unit/assorted/uri_options.spec.test.ts
index e3f4e9112d9..349eedb33fb 100644
--- a/test/unit/assorted/uri_options.spec.test.ts
+++ b/test/unit/assorted/uri_options.spec.test.ts
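Review bot: Dropping `tlsDisableOCSPEndpointCheck` and `tlsDisableCertificateRevocationCheck` from `INSECURE_TLS_OPTIONS` in src/client-side-encryption/state_machine.ts removes the only visible rejection of those keys for KMS `tlsOptions`, and the deleted comment that explained why they were filtered goes with it. How unlisted keys are handled is outside this hunk, so it is worth confirming that they are dropped before the KMS TLS socket is configured rather than passed through. The companion change in state_machine.test.ts removes the two test cases without pinning the new behaviour. Once that is verified, I would leave a short comment above the array, e.g. `// OCSP options are intentionally not listed: the driver does not implement OCSP, so they are never applied to KMS connections`, and add one test that supplies either key and asserts the outcome.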
@@ -10,7 +10,11 @@ describe('URI option spec tests', function () {
 // Skipped because this does not apply to Node
 'Valid options specific to single-threaded drivers are parsed correctly',
- // TODO(NODE-3922): have not implemented option support
+ // These options are specific to OCSP which the driver does not implement
+ // and will not be implemented in the future. Note that the other URI
+ // option tests that are testing these options are passing, simply because
+ // they are testing error conditions and the driver is throwing a MongoParseError
+ // when either of these options are provided.
 'tlsDisableCertificateRevocationCheck can be set to true',
 'tlsDisableCertificateRevocationCheck can be set to false',
 'tlsDisableOCSPEndpointCheck can be set to true',
diff --git a/test/unit/client-side-encryption/state_machine.test.ts b/test/unit/client-side-encryption/state_machine.test.ts
index 1f43b57007b..920ce567dde 100644
--- a/test/unit/client-side-encryption/state_machine.test.ts
+++ b/test/unit/client-side-encryption/state_machine.test.ts
@@ -190,27 +190,25 @@ describe('StateMachine', function () {
 context('when tls options are provided', function () {
 context('when the options are insecure', function () {
- [
- 'tlsInsecure',
- 'tlsAllowInvalidCertificates',
- 'tlsAllowInvalidHostnames',
- 'tlsDisableOCSPEndpointCheck',
- 'tlsDisableCertificateRevocationCheck'
- ].forEach(function (option) {
- context(`when the option is ${option}`, function () {
- const stateMachine = new StateMachine({
- tlsOptions: { aws: { [option]: true } }
- } as any);
- const request = new MockRequest(Buffer.from('foobar'), 500);
-
- it('rejects with the validation error', function (done) {
- stateMachine.kmsRequest(request).catch(err => {
- expect(err.message).to.equal(`Insecure TLS options prohibited for aws: ${option}`);
- done();
+ ['tlsInsecure', 'tlsAllowInvalidCertificates', 'tlsAllowInvalidHostnames'].forEach(
+ function (option) {
+ context(`when the option is ${option}`, function () {
+ const stateMachine = new StateMachine({
+ tlsOptions: { aws: { [option]: true } }
+ } as any);
+ const request = new MockRequest(Buffer.from('foobar'), 500);
+
+ it('rejects with the validation error', function (done) {
+ stateMachine.kmsRequest(request).catch(err => {
+ expect(err.message).to.equal(
+ `Insecure TLS options prohibited for aws: ${option}`
+ );
+ done();
+ });
 });
 });
- });
- });
+ }
+ );
 });
 context('when the options are secure', function () {
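Review bot: The rejection test inside the `forEach` callback only attaches `.catch(...)` and signals completion through `done`, so if `kmsRequest` ever resolves for an insecure option, or the message assertion throws inside the handler, the failure surfaces as a mocha timeout rather than a clear assertion error. Since this test guards the insecure-TLS validation, I would make the outcome explicit in an `async` test body: `const err = await stateMachine.kmsRequest(request).catch(e => e);` followed by `expect(err).to.be.instanceOf(Error);` and the existing message check. The enclosing `describe('StateMachine', ...)` block starts and ends outside the hunk.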