diff --git a/src/security/tls_session.cpp b/src/security/tls_session.cpp
index 2772168c5fb80dc247ff3b8f347209be8cd2eaf4..00b9be9f053c5e32764271d14c636d4ba87494c4 100644
--- a/src/security/tls_session.cpp
+++ b/src/security/tls_session.cpp
@@ -690,6 +690,7 @@ TlsSession::handleStateHandshake(TlsSessionState state)
         callbacks_.onCertificatesUpdate(local, remote, remote_count);
     }
 
+    maxPayload_ = gnutls_dtls_get_data_mtu(session_);
     return TlsSessionState::ESTABLISHED;
 }
 
diff --git a/src/security/tls_session.h b/src/security/tls_session.h
index 1303ef2320e8183ca2a454c46073622845140055..ecb6efab55b84124ee190254e8902ef5f11ae3df 100644
--- a/src/security/tls_session.h
+++ b/src/security/tls_session.h
@@ -143,6 +143,10 @@ public:
     // Request TLS thread to stop and quit. IO are not possible after that.
     void shutdown();
 
+    // Return maximum application payload size in bytes
+    // Returned value must be checked and considered valid only if not 0 (session is initialized)
+    unsigned int getMaxPayload() const { return maxPayload_; }
+
     // Can be called by onStateChange callback when state == ESTABLISHED
     // to obtain the used cypher suite id.
     // Return the name of current cipher.
@@ -170,6 +174,7 @@ private:
     TlsSessionState handleStateShutdown(TlsSessionState state);
     std::map<TlsSessionState, StateHandler> fsmHandlers_ {};
     std::atomic<TlsSessionState> state_ {TlsSessionState::SETUP};
+    std::atomic<unsigned int> maxPayload_ {0};
 
     // IO GnuTLS <-> ICE
     struct TxData {