nquic over-fragments its Handshake CRYPTO flight: nquic_protocol_send:handshake_payload_budget/1 sizes datagrams with min(local max_payload_size, peer max_udp_payload_size), but max_payload_size is a static config defaulting to 1200, so the min always collapses to 1200 and the server splits any flight larger than ~1155 bytes even when the peer advertised a much larger max_udp_payload_size. This breaks the handshake with strict clients (e.g. h3spec, which advertises 65527) whenever the server uses a normal-sized cert (RSA-2048 ≈ 1.5 KB flight); the fix is to budget off the peer's max_udp_payload_size instead of the local 1200 floor.
nquic over-fragments its Handshake CRYPTO flight: nquic_protocol_send:handshake_payload_budget/1 sizes datagrams with min(local max_payload_size, peer max_udp_payload_size), but max_payload_size is a static config defaulting to 1200, so the min always collapses to 1200 and the server splits any flight larger than ~1155 bytes even when the peer advertised a much larger max_udp_payload_size. This breaks the handshake with strict clients (e.g. h3spec, which advertises 65527) whenever the server uses a normal-sized cert (RSA-2048 ≈ 1.5 KB flight); the fix is to budget off the peer's max_udp_payload_size instead of the local 1200 floor.