In a network/internet restricted environment, DNS lookups to the TLS certificate's OCSP address may timeout when the OCSP is not stapled. This DNS timeout may require longer than the default connecttimeoutms of 10 seconds (20 seconds is the default DNS lookup timeout for environments tested).
After failing to resolve the OCSP address, the driver then immediately aborts the connection with a failure on topology (isMaster response marked as NULL).

Attached is a trace and debug from a PHP driver connection, but the underlying issues appears to be in the C driver used by the PHP driver.

Workaround: Set the C or PHP URI flag for tlsDisableOCSPEndpointCheck=true to skip the OCSP portion of the TLS connection.