It's the "fail closed" principle in action: if I don't understand it, it must be malicious, so the connection should be rejected as swiftly as possible.
Also seen in firewalls which drop all ICMP packets ("the only real-world use of ICMP is ping floods, right?"), breaking PMTUD.
But this isn't fail-closed. The specification allows for newer versions. The problem is, you are supposed to spit back the version you actually support instead of disconnecting. I don't understand how this can be interpreted as anything but non-compliance of the standard.
I would say that technically it's complaint because there's nothing saying a server can't tear down a connection whenever it wants.
Our InfoSec friends are rightfully suspicious of 'weird' looking packets and data from clients. It's one of the few ways to catch/stop zero day vulns. It does make things difficult when legitimate traffic is caught in the crossfire but such is the nature of most security practices.
Microsoft's Skype for business servers block(ed?) ICMPv6. That was a fun one to track down when there was an MTU issue on our network, especially when their diagnostic tool claimed there was a 403 error from the SIP endpoint!
Also seen in firewalls which drop all ICMP packets ("the only real-world use of ICMP is ping floods, right?"), breaking PMTUD.