diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 29518c385a..6579c9686d 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -917,7 +917,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
 #endif
     size_t add_data_len;
     size_t post_avail;
-    int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
 
     /* The SSL context is only used for debugging purposes! */
 #if !defined(MBEDTLS_DEBUG_C)
@@ -958,11 +957,11 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
     MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload",
                           data, rec->data_len);
 
-    if (rec->data_len > (size_t) max_out_record_len) {
+    if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET
                                   " too large, maximum %" MBEDTLS_PRINTF_SIZET,
                                   rec->data_len,
-                                  (size_t) max_out_record_len));
+                                  (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
@@ -2743,7 +2742,7 @@ int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_t
      *    ...
      */
     *buf = ssl->out_msg + 4;
-    *buf_len = mbedtls_ssl_get_max_out_record_payload(ssl) - 4;
+    *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = hs_type;
@@ -2780,7 +2779,6 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const size_t hs_len = ssl->out_msglen - 4;
     const unsigned char hs_type = ssl->out_msg[0];
-    int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message"));
 
@@ -2819,12 +2817,12 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
      *
      * Note: We deliberately do not check for the MTU or MFL here.
      */
-    if (ssl->out_msglen > (size_t) max_out_record_len) {
+    if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: "
                                   "size %" MBEDTLS_PRINTF_SIZET
                                   ", maximum %" MBEDTLS_PRINTF_SIZET,
                                   ssl->out_msglen,
-                                  (size_t) max_out_record_len));
+                                  (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
         return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 419185c567..7a8c759fa3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7004,7 +7004,6 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
     const mbedtls_x509_crt *crt;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
-    int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
 
@@ -7049,10 +7048,10 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
 
     while (crt != NULL) {
         n = crt->raw.len;
-        if (n > max_out_record_len - 3 - i) {
+        if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) {
             MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET
                                       " > %" MBEDTLS_PRINTF_SIZET,
-                                      i + 3 + n, (size_t) max_out_record_len));
+                                      i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
             return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2375021785..7c7aac80e4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1376,14 +1376,13 @@ static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl,
 int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
 
     /* Write CCS message */
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body(
                              ssl, ssl->out_msg,
-                             ssl->out_msg + max_out_record_len,
+                             ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
                              &ssl->out_msglen));
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c6ae2cab7d..8fd295f300 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4883,8 +4883,7 @@ run_test    "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
 
 # Currently test certificates being used do not fit in 513 record size limit
 # so 513 record size limit tests will not pass until certificates size
-# is reduced.
-# TODO: use smaller certificates in during MbedTLS TLS 1.3 server testing.
+# is reduced or handshake messages fragmentation is supported.
 
 # requires_gnutls_tls1_3
 # requires_gnutls_record_size_limit