According to @puellavulnerata: examining my own tests closer, if you use a payload length above 16k, it sends back an ill-formed response exceeding the maximum TLS record length. A lot of the proofs-of-concept can't parse it properly - the payload length in the heartbeat response doesn't match the TLS record length. That's what this code fixes.