It appears that the encryption performed by RecordLayer.WrapMessage can cause the message size to exceed 2^14 bytes, in violation of the specification.
This happens to me while doing stream cypher encryption, but there does not appear to be any defense against it in general.
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/08/19
Only plaintext fragments must be 2^14 bytes or less. Encrypted fragments can be up to 2^14+2048 bytes [section 6.2.3 in the TLS standard].
The 2^14 limit is enforced by the RecordLayer.EncryptBytes() method; this method splits up byte arrays if they are too large to send at once.
The 2^14+2048 limit is enforced implicitly because there is currently no cipher suite from which the overhead data [padding+mac] is larger than 2048 bytes.