diff --git a/src/sbbs3/main.cpp b/src/sbbs3/main.cpp
index 1dd312576dffaf886480b73fd4b152f26a24f615..255613b664425b7dfb943e520e0c9a54be042041 100644
--- a/src/sbbs3/main.cpp
+++ b/src/sbbs3/main.cpp
@@ -2443,6 +2443,13 @@ void output_thread(void* arg)
 				i=buftop-bufbot;	// Pretend we sent it all
 			}
 			else {
+				/*
+				 * Limit as per js_socket.c.
+				 * Sure, this is TLS, not SSH, but we see weird stuff here in sz file transfers.
+				 */
+				size_t sendbytes = buftop-bufbot;
+				if (sendbytes > 0x2000)
+					sendbytes = 0x2000;
 				if(cryptStatusError((err=cryptPushData(sbbs->ssh_session, (char*)buf+bufbot, buftop-bufbot, &i)))) {
 					/* Handle the SSH error here... */
 					GCESSTR(err, node, LOG_WARNING, sbbs->ssh_session, "pushing data");
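Review bot: The capped `sendbytes` is computed but never used: the `cryptPushData` call on the context line right after it still passes `buftop-bufbot`, so the 0x2000 limit has no effect in this file. The call should take the capped length, `cryptPushData(sbbs->ssh_session, (char*)buf+bufbot, sendbytes, &i)`, as the websrvr.c hunk does. The comment was also copied from the TLS path: this call site pushes to `ssh_session`, so "this is TLS, not SSH" is wrong here and should describe the SSH case. The body of output_thread continues outside the hunk, so confirm that the surrounding loop advances `bufbot` by `i` and sends the remainder once a push can be shorter than the buffered amount.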
diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index a7b5a5a8196b6d2eb655d9164fd8c2163b1a43b8..a157ef8ebc558f6a067abdf7b60d556db260e80f 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -645,7 +645,14 @@ static int sess_sendbuf(http_session_t *session, const char *buf, size_t len, BO
 		switch(sel) {
 			case 1:
 				if (session->is_tls) {
-					status = cryptPushData(session->tls_sess, buf+sent, len-sent, &tls_sent);
+					/*
+					 * Limit as per js_socket.c.
+					 * Sure, this is TLS, not SSH, but we see weird stuff here in sz file transfers.
+					 */
+					size_t sendbytes = len-sent;
+					if (sendbytes > 0x2000)
+						sendbytes = 0x2000;
+					status = cryptPushData(session->tls_sess, buf+sent, sendbytes, &tls_sent);
 					GCES(status, session, "pushing data");
 					if (status == CRYPT_ERROR_TIMEOUT) {
 						tls_sent = 0;
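Review bot: The limit is a bare `0x2000` written twice in this hunk and twice more in the main.cpp hunk, and the comment only points at js_socket.c without saying what the bound protects against. A single named constant shared by both call sites would keep them in step, for example `#define CRYPT_PUSH_MAX 0x2000` (the name is only a suggestion), with a one-line comment giving the reason for the size. The "sz file transfers" rationale appears to come from the terminal-server path, so the wording here should say what was actually observed on HTTP/TLS sends. The body of sess_sendbuf starts and ends outside the hunk, so the cap assumes the enclosing loop adds `tls_sent` to `sent` and retries until `len` is reached, which should be confirmed.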