How can I adjust the mbedTLS block size to fit within a TCP packet?

Bryght-Richard
Posts: 43
Joined: Thu Feb 22, 2024 3:59 pm

Post by Bryght-Richard » Thu Oct 31, 2024 7:21 pm

I've run into a bit of a bottleneck when experiencing light packet loss over WS/TLS/TCP. I've noticed that the TLSv1.2 record length seems to be limited to 4120B, which is greater than my TCP MSS. When a TCP packet is lost, the entire TLS record is delayed. Is it possible to have mbedTLS negotiate a smaller maximum record size, ideally aligned to fit within MSS? This way, if the second or third TCP packet of a 4120B transfer is dropped, the packets received before the drop can be processed at the application layer while TCP retries the dropped packet.

Re: How can I adjust the mbedTLS block size to fit within a TCP packet?

Post by Bryght-Richard » Thu Oct 31, 2024 7:38 pm

mbedtls_ssl_set_mtu() does not appear to be routed up through ESP-IDF; however, if you only have one NIC, it seems MBEDTLS_SSL_OUT_CONTENT_LEN can be adjusted as the global maximum. Reducing IN and OUT CONTENT_LENGTH to the MSS breaks the initial handshake, however.
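An added example, not part of the thread and not ESP-IDF or mbedTLS code: one way to keep application-data records within one MSS without touching the global content length is to cap each write on the sending side. The names `write_mss_records`, `tls_write_fn`, `sink_write` and `deliverable_before_loss` are hypothetical, the 29-byte overhead assumes a TLS 1.2 AES-GCM suite, and the loss model assumes the TCP stack packs records back to back into full segments.

```c
#include <stddef.h>
/* Assumption: TLS 1.2 AES-GCM record overhead = 5-byte header + 8-byte
 * explicit nonce + 16-byte tag. Other cipher suites differ. */
#define REC_OVERHEAD 29u

/* Hypothetical callback with mbedtls_ssl_write()-like semantics: returns the
 * number of bytes accepted (may be fewer than len) or a negative error. */
typedef int (*tls_write_fn)(void *ctx, const unsigned char *buf, size_t len);

/* Constructed stand-in for the TLS layer: counts records and their size. */
struct sink { size_t records, largest, total; };
int sink_write(void *ctx, const unsigned char *buf, size_t len)
{
    struct sink *s = ctx;
    (void)buf;
    s->records++; s->total += len;
    if (len > s->largest) s->largest = len;
    return (int)len;
}

/* Write buf as records of at most mss wire bytes. *sent reports progress so
 * the caller can resume after a would-block error. Returns 0 when done,
 * -1 on bad arguments or no progress, else the callback's error code. */
int write_mss_records(tls_write_fn wr, void *ctx, const unsigned char *buf,
                      size_t len, size_t mss, size_t *sent)
{
    if (wr == NULL || sent == NULL || mss <= REC_OVERHEAD)
        return -1;
    size_t chunk = mss - REC_OVERHEAD;          /* plaintext per record */
    for (*sent = 0; *sent < len; ) {
        size_t n = len - *sent < chunk ? len - *sent : chunk;
        int r = wr(ctx, buf + *sent, n);
        if (r <= 0)
            return r < 0 ? r : -1;
        *sent += (size_t)r;
    }
    return 0;
}

/* Model of the stall in the post: n_records records of rec wire bytes are
 * packed back to back into full segments and segment lost_seg (0-based) is
 * missing. Returns the plaintext bytes the receiver can already decrypt. */
size_t deliverable_before_loss(size_t rec, size_t mss, size_t lost_seg,
                               size_t n_records)
{
    if (rec <= REC_OVERHEAD || mss == 0)
        return 0;
    size_t complete = (lost_seg * mss) / rec;
    return (complete < n_records ? complete : n_records) * (rec - REC_OVERHEAD);
}
```

With an assumed MSS of 1460, losing the third segment of one 4120B record leaves nothing decryptable, while the same loss with 1460B records leaves the first two records readable.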
