diff --git a/src/internal.c b/src/internal.c
index 0433c643c..1f81d6ce6 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13403,7 +13403,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                     args->ivSz = blockSz;
                     args->sz  += args->ivSz;
 
-                    if (args->ivSz > AES_BLOCK_SIZE)
+                    if (args->ivSz > MAX_IV_SZ)
                         ERROR_OUT(BUFFER_E, exit_buildmsg);
                 }
                 args->sz += 1;       /* pad byte */
@@ -13455,9 +13455,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             AddRecordHeader(output, args->size, (byte)type, ssl);
 
             /* write to output */
-            if (args->ivSz) {
+            if (args->ivSz > 0) {
                 XMEMCPY(output + args->idx, args->iv,
-                                        min(args->ivSz, sizeof(args->iv)));
+                                        min(args->ivSz, MAX_IV_SZ));
                 args->idx += args->ivSz;
             }
             XMEMCPY(output + args->idx, input, inSz);
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 9c5beadbf..55b9216e7 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1191,6 +1191,8 @@ enum Misc {
     AES_128_KEY_SIZE    = 16,
 #endif
 
+    MAX_IV_SZ           = AES_BLOCK_SIZE,
+
     AEAD_SEQ_OFFSET     = 4,   /* Auth Data: Sequence number */
     AEAD_TYPE_OFFSET    = 8,   /* Auth Data: Type            */
     AEAD_VMAJ_OFFSET    = 9,   /* Auth Data: Major Version   */