If you look at RFC 4492 5.2, you’ll see that the server CAN send the “ec_point_formats” extension, but is only supposed to do so “when negotiating an ECC cipher suite”. If you want TLSClient to just ignore the extra extension instead of raising an exception, I suggest overriding TlsClient.allowUnexpectedServerExtension(…) to allow ec_point_formats in the same way the default implementation allows elliptic_curves:
protected boolean allowUnexpectedServerExtension(Integer extensionType, byte[] extensionData)
throws IOException
{
switch (extensionType.intValue())
{
case ExtensionType.ec_point_formats:
/*
* Exception added based on field reports that some servers send Supported
* Point Format Extension even when not negotiating an ECC cipher suite.
* If present, we still require that it is a valid ECPointFormatList.
*/
TlsECCUtils.readSupportedPointFormatsExtension(extensionData);
return true;
default:
return super.allowUnexpectedServerExtension(extensionType, extensionData);
}
}
If this is a widespread problem, we might consider adding this case to the default implementation.
For logging, there are the (TLSPeer) methods notifyAlertRaised and notifyAlertReceived that you can override on your TLSClient implementation.