wolfSSL 3.2.0 does not properly implement Maximum Fragment Length Negotiation.
RFC 4366 states that:
Once a maximum fragment length other than 2^14 has been successfully
negotiated, the client and server MUST immediately begin fragmenting
messages (including handshake messages), to ensure that no fragment
larger than the negotiated length is sent. Note that TLS already
requires clients and servers to support fragmentation of handshake
messages.
wolfSSL does not properly fragment handshake messages. The problem appears if certificates are bigger than negotiated Maximum Fragment Length.