diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 9bb0c4438..24e60f793 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -247,6 +247,8 @@
 #define TLS_EXT_SERVERNAME 0
 #define TLS_EXT_SERVERNAME_HOSTNAME 0
 
+#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
+
 #define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
 #define TLS_EXT_SUPPORTED_POINT_FORMATS 11
 
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2aef9c415..0e3225101 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -291,6 +291,22 @@ static int ssl_parse_supported_point_formats( ssl_context *ssl,
 }
 #endif /* POLARSSL_ECP_C */
 
+static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret;
+
+ if( len != 1 ||
+ ( ret = ssl_set_max_frag_len( ssl, buf[0] ) ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ return( 0 );
+}
+
 #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
 static int ssl_parse_client_hello_v2( ssl_context *ssl )
 {
@@ -825,6 +841,14 @@ static int ssl_parse_client_hello( ssl_context *ssl )
 break;
 #endif /* POLARSSL_ECP_C */
 
+ case TLS_EXT_MAX_FRAGMENT_LENGTH:
+ SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
+
+ ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+
 default:
 SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
 ext_id ) );
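Review bot: In ssl_parse_max_fragment_length_ext the byte taken from the ClientHello is passed straight to `ssl_set_max_frag_len()`, so both the validation of the code and where it is stored depend on a function whose body is outside this diff. If that is the same setter the application uses for its own configuration, a peer-chosen value would overwrite the locally configured limit on the context and could outlive a handshake that later fails; keeping the negotiated code in per-handshake state would avoid that, and this is worth confirming. The `len != 1 ||` test has to stay first because it is what keeps the `buf[0]` read in bounds, and I would document that with `/* RFC 6066 s.4: exactly one byte; len is tested before buf[0] is read */`. The value assigned to `ret` is never used after the comparison, and the generic "bad client hello message" text could name the extension so rejected handshakes are easier to triage.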
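Review bot: The new `case TLS_EXT_MAX_FRAGMENT_LENGTH` applies the client's request as soon as it is parsed, but nothing visible here records that the extension was seen or rejects a second occurrence in the same ClientHello. RFC 6066 puts the smaller limit in force only once the server echoes the extension in its ServerHello, and no ServerHello change is part of this diff, so as shown the two peers could disagree on the record size limit unless a companion change writes the reply. The call passes `ext + 4, ext_size` and therefore relies on the loop's earlier check that `ext_size` fits in the remaining extension data; that check and the rest of ssl_parse_client_hello lie outside the hunk. A short comment on the case such as `/* RFC 6066 s.4: must be echoed in ServerHello if accepted */` would make the dependency explicit.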