diff --git a/src/internal.c b/src/internal.c index a9b915d52..35af05706 100755 --- a/src/internal.c +++ b/src/internal.c @@ -11138,6 +11138,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case DTLS_EXPORT_VER_E: return "Version needs updated after code change or version mismatch"; + case INPUT_SIZE_E: + return "Input size too large Error"; + default : return "unknown error number"; } diff --git a/src/ssl.c b/src/ssl.c index 7722d3751..679f58241 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -619,16 +619,20 @@ int wolfSSL_GetObjectSize(void) #endif -/* return record layer size of plaintext input size */ -int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz) +/* return max record layer size plaintext input size */ +int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl) { int maxSize = OUTPUT_RECORD_SIZE; - if (ssl == NULL || inSz < 0) + WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize"); + + if (ssl == NULL) return BAD_FUNC_ARG; - if (ssl->options.handShakeState != HANDSHAKE_DONE) + if (ssl->options.handShakeState != HANDSHAKE_DONE) { + WOLFSSL_MSG("Handshake not complete yet"); return BAD_FUNC_ARG; + } #ifdef HAVE_MAX_FRAGMENT maxSize = min(maxSize, ssl->max_fragment); @@ -640,9 +644,26 @@ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz) } #endif - if (inSz > maxSize) + return maxSize; +} + + +/* return record layer size of plaintext input size */ +int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz) +{ + int maxSize; + + WOLFSSL_ENTER("wolfSSL_GetOutputSize"); + + if (inSz < 0) return BAD_FUNC_ARG; + maxSize = wolfSSL_GetMaxOutputSize(ssl); + if (maxSize < 0) + return maxSize; /* error */ + if (inSz > maxSize) + return INPUT_SIZE_E; + return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1); } diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 5bbcd80c0..933f7d0c9 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h 
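Review bot: The name and comment of the new public wolfSSL_GetMaxOutputSize() in src/ssl.c describe a record-layer output size, but wolfSSL_GetOutputSize() uses the returned value as the upper bound on the plaintext `inSz`, so it appears to be a plaintext limit and not the size of an encoded record (the definition of OUTPUT_RECORD_SIZE is not visible here). A caller who sizes an output buffer from it could under-allocate by the record overhead, so the comment should say which it is, for example `/* return max plaintext bytes accepted per record (capped by max_fragment when HAVE_MAX_FRAGMENT is set), or a negative error; use wolfSSL_GetOutputSize() for the encoded size */`. The comment should also state that BAD_FUNC_ARG is returned both for a NULL `ssl` and for a handshake that has not finished, since callers cannot tell the two apart from the return value. The function body runs on into the following hunk.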
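Review bot: In the rewritten wolfSSL_GetOutputSize(), an oversized `inSz` now returns INPUT_SIZE_E where the removed line returned BAD_FUNC_ARG, which changes the error contract of an existing public function. Callers are not visible in this diff, but any that compare the result only with `BAD_FUNC_ARG`, or that use it as a buffer length without a `< 0` check, would mishandle the new code. The function comment should list the returns, for example `/* returns record size for inSz plaintext bytes; BAD_FUNC_ARG on bad argument or unfinished handshake; INPUT_SIZE_E if inSz exceeds wolfSSL_GetMaxOutputSize() */`, and the change is worth a line in the release notes.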
@@ -148,6 +148,7 @@ enum wolfSSL_ErrorCodes { ECC_KEY_SIZE_E = -410, /* ECC key too small */ DTLS_EXPORT_VER_E = -411, /* export version error */ + INPUT_SIZE_E = -412, /* input size too big error */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* begin negotiation parameter errors */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 08cae2879..bcbbad5a1 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1143,6 +1143,7 @@ WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, unsigned char*, int, const char*);