diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 509eeab84..c3597e8eb 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1550,7 +1550,7 @@
 /**
  * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
  *
- * Enable support for RFC 8449 record_size_limit extension in SSL.
+ * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
  *
  * \warning This extension is currently in development and must NOT be used except
  *          for testing purposes.
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index ccf382e56..6fe0414f9 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2666,6 +2666,9 @@ int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2)
+#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64)
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
                                                   const unsigned char *buf,
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 17c1baecf..143056f6a 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2179,6 +2179,8 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
 
                 ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, p + extension_data_len);
 
+                // Return unconditionally here until we handle the record size limit correctly.
+                // Once handled correctly, only return in case of errors.
                 return ret;
 
                 break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 0e7aa3a74..75854fc6a 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1578,10 +1578,10 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
                                                   const unsigned char *buf,
                                                   const unsigned char *end)
 {
-    const ptrdiff_t extension_data_len = end - buf;
-    if (extension_data_len != 2) {
+    const size_t extension_data_len = end - buf;
+    if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
         MBEDTLS_SSL_DEBUG_MSG(2,
-                              ("record_size_limit extension has invalid length: %td Bytes",
+                              ("record_size_limit extension has invalid length: %zu Bytes",
                                extension_data_len));
 
         MBEDTLS_SSL_PEND_FATAL_ALERT(
@@ -1604,7 +1604,7 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
      * smaller than 64.  An endpoint MUST treat receipt of a smaller value
      * as a fatal error and generate an "illegal_parameter" alert.
      */
-    if (record_size_limit < 64) {
+    if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
         MBEDTLS_SSL_PEND_FATAL_ALERT(
             MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
             MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index de60a7ae8..1e1462c30 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1591,6 +1591,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 
                 ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end);
 
+                // Return unconditionally here until we handle the record size limit correctly.
+                // Once handled correctly, only return in case of errors.
                 return ret;
 
                 break;