diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
index 2b76c3839a..50d163a465 100644
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@@ -804,12 +804,6 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
 return isOutboundDone() || isDestroyed() ? CLOSED_NOT_HANDSHAKING : NEED_WRAP_CLOSED;
 }
 
- // protect against protocol overflow attack vector
- if (len > MAX_ENCRYPTED_PACKET_LENGTH) {
- shutdown();
- throw ENCRYPTED_PACKET_OVERSIZED;
- }
-
 SSLEngineResult.HandshakeStatus status = NOT_HANDSHAKING;
 // Prepare OpenSSL to work in server mode and receive handshake
 if (handshakeState != HandshakeState.FINISHED) {
diff --git a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
index 23e04fd74c..3ee3b8219b 100644
--- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
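Review bot: The hunk deletes the only visible upper bound on `len` in unwrap without recording where the protection the old comment called "protocol overflow attack vector" now lives, so the next reader will see an unbounded src and be tempted to reinstate the check, which would again break buffers holding several TLS records. If the intent is that the per-record length limit is now enforced by OpenSSL when the bytes are handed to the network BIO (this is inferred, the feeding loop is not in the hunk), say so at the removal site: `// No cap on the total src length: src may hold several TLS records and so legitimately exceed MAX_ENCRYPTED_PACKET_LENGTH; per-record limits are enforced by OpenSSL when the data is written to the BIO.` Please also confirm that the BIO-feeding loop still copies at most one packet's worth per iteration, since a caller-controlled src is now the only thing bounding native-side buffering, and that `ENCRYPTED_PACKET_OVERSIZED` still has a reference after this change, otherwise it is dead. The enclosing unwrap method starts and ends outside the hunk.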
@@ -1701,6 +1701,56 @@ public abstract class SSLEngineTest {
 }
 }
 
+ @Test
+ public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
+ SelfSignedCertificate cert = new SelfSignedCertificate();
+
+ clientSslCtx = SslContextBuilder
+ .forClient()
+ .trustManager(cert.cert())
+ .sslProvider(sslClientProvider())
+ .build();
+ SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+
+ serverSslCtx = SslContextBuilder
+ .forServer(cert.certificate(), cert.privateKey())
+ .sslProvider(sslServerProvider())
+ .build();
+ SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+
+ try {
+ ByteBuffer plainClientOut = allocateBuffer(4096);
+ ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize());
+
+ ByteBuffer encClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2);
+
+ handshake(client, server);
+
+ int srcLen = plainClientOut.remaining();
+ SSLEngineResult result;
+
+ while (encClientToServer.position() <= server.getSession().getPacketBufferSize()) {
+ result = client.wrap(plainClientOut, encClientToServer);
+ assertEquals(SSLEngineResult.Status.OK, result.getStatus());
+ assertEquals(srcLen, result.bytesConsumed());
+ assertTrue(result.bytesProduced() > 0);
+
+ plainClientOut.clear();
+ }
+
+ encClientToServer.flip();
+
+ result = server.unwrap(encClientToServer, plainServerOut);
+ assertEquals(SSLEngineResult.Status.OK, result.getStatus());
+ assertTrue(result.bytesConsumed() > 0);
+ assertTrue(result.bytesProduced() > 0);
+ } finally {
+ cert.delete();
+ cleanupClientSslEngine(client);
+ cleanupServerSslEngine(server);
+ }
+ }
+
 @Test
 public void testBufferUnderFlow() throws Exception {
 SelfSignedCertificate cert = new SelfSignedCertificate();
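Review bot: The new test stops after a single `server.unwrap(...)` and only asserts `bytesConsumed() > 0`, so it proves the oversized src is not rejected up front but never checks that the records sitting past `getPacketBufferSize()` are actually decrypted and that no plaintext is lost or duplicated. Draining `encClientToServer` until it has no remaining bytes and comparing the total plaintext produced with the total the client wrapped would pin the behaviour the deleted length check used to break; a counter incremented by `srcLen` in the wrap loop gives the expected total. The method name also has a typo, `BiggerThen` should be `BiggerThan`. The rewritten tail of the try block would look like this:
```java
            // … unchanged: client setup, server setup, handshake …
            int plainBytes = 0;
            while (encClientToServer.position() <= server.getSession().getPacketBufferSize()) {
                // … unchanged: wrap + assertions …
                plainBytes += srcLen;
                plainClientOut.clear();
            }

            encClientToServer.flip();

            // Drain every record: the point is that records beyond packetBufferSize
            // are accepted too, not just the first one.
            int produced = 0;
            while (encClientToServer.hasRemaining()) {
                result = server.unwrap(encClientToServer, plainServerOut);
                assertEquals(SSLEngineResult.Status.OK, result.getStatus());
                assertTrue(result.bytesConsumed() > 0);
                produced += result.bytesProduced();
                plainServerOut.clear();
            }
            assertEquals(plainBytes, produced);
            // … unchanged: finally block …
```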