diff --git a/ssh1bpp.c b/ssh1bpp.c
index 77cec35f..f11e58cb 100644
--- a/ssh1bpp.c
+++ b/ssh1bpp.c
@@ -42,6 +42,7 @@ static const struct BinaryPacketProtocolVtable ssh1_bpp_vtable = {
 ssh1_bpp_handle_output,
 ssh1_bpp_new_pktout,
 ssh1_bpp_queue_disconnect,
+ 0xFFFFFFFF, /* no special packet size limit for this bpp */
 };
 BinaryPacketProtocol *ssh1_bpp_new(LogContext *logctx)
diff --git a/ssh2bpp-bare.c b/ssh2bpp-bare.c
index 44bb3332..8dc3b117 100644
--- a/ssh2bpp-bare.c
+++ b/ssh2bpp-bare.c
@@ -31,6 +31,7 @@ static const struct BinaryPacketProtocolVtable ssh2_bare_bpp_vtable = {
 ssh2_bare_bpp_handle_output,
 ssh2_bare_bpp_new_pktout,
 ssh2_bpp_queue_disconnect, /* in sshcommon.c */
+ 0x4000, /* packet size limit, per protocol spec in sshshare.c comment */
 };
 BinaryPacketProtocol *ssh2_bare_bpp_new(LogContext *logctx)
diff --git a/ssh2bpp.c b/ssh2bpp.c
index 8b8ccc43..79b97b31 100644
--- a/ssh2bpp.c
+++ b/ssh2bpp.c
@@ -52,6 +52,7 @@ static const struct BinaryPacketProtocolVtable ssh2_bpp_vtable = {
 ssh2_bpp_handle_output,
 ssh2_bpp_new_pktout,
 ssh2_bpp_queue_disconnect, /* in sshcommon.c */
+ 0xFFFFFFFF, /* no special packet size limit for this bpp */
 };
 BinaryPacketProtocol *ssh2_bpp_new(
diff --git a/ssh2connection.c b/ssh2connection.c
index 96191c70..78bb0ad6 100644
--- a/ssh2connection.c
+++ b/ssh2connection.c
@@ -421,6 +421,8 @@ static bool ssh2_connection_filter_queue(struct ssh2_connection_state *s)
 ssh2_channel_init(c);
 c->remwindow = winsize;
 c->remmaxpkt = pktsize;
+ if (c->remmaxpkt > s->ppl.bpp->vt->packet_size_limit)
+ c->remmaxpkt = s->ppl.bpp->vt->packet_size_limit;
 if (c->chan->initial_fixed_window_size) {
 c->locwindow = c->locmaxwin = c->remlocwin = c->chan->initial_fixed_window_size;
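Review bot: The clamp added after `c->remmaxpkt = pktsize;` in ssh2connection.c applies `packet_size_limit` directly to the peer's advertised maximum channel-data size, but nothing in the hunk says whether that limit counts the whole packet or only the data payload. If the 0x4000 limit of the bare BPP is a whole-packet limit, a data packet carrying exactly `remmaxpkt` bytes plus its message header would still exceed it; that cannot be checked from here because the sshshare.c comment is not part of this diff. The same two lines are repeated in the open-confirmation hunk at -487, so a comment such as `/* never send more per packet than this BPP can carry, whatever the peer advertises */` belongs on both, or the clamp could move into one small helper. ssh2_connection_filter_queue starts and ends outside both hunks.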
@@ -487,6 +489,8 @@ static bool ssh2_connection_filter_queue(struct ssh2_connection_state *s)
 c->halfopen = false;
 c->remwindow = get_uint32(pktin);
 c->remmaxpkt = get_uint32(pktin);
+ if (c->remmaxpkt > s->ppl.bpp->vt->packet_size_limit)
+ c->remmaxpkt = s->ppl.bpp->vt->packet_size_limit;
 chan_open_confirmation(c->chan);
diff --git a/sshbpp.h b/sshbpp.h
index 8b3677c0..380c41a8 100644
--- a/sshbpp.h
+++ b/sshbpp.h
@@ -12,6 +12,7 @@ struct BinaryPacketProtocolVtable {
 PktOut *(*new_pktout)(int type);
 void (*queue_disconnect)(BinaryPacketProtocol *, const char *msg, int category);
+ uint32_t packet_size_limit;
 };
 struct BinaryPacketProtocol {
diff --git a/sshverstring.c b/sshverstring.c
index 0b9152f3..4828c37b 100644
--- a/sshverstring.c
+++ b/sshverstring.c
@@ -51,6 +51,7 @@ static const struct BinaryPacketProtocolVtable ssh_verstring_vtable = {
 ssh_verstring_handle_output,
 ssh_verstring_new_pktout,
 ssh_verstring_queue_disconnect,
+ 0xFFFFFFFF, /* no special packet size limit for this bpp */
 };
 static void ssh_detect_bugs(struct ssh_verstring_state *s);
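Review bot: The new `uint32_t packet_size_limit;` member in the sshbpp.h hunk has no comment, and its contract is only implied by the initializers elsewhere in this diff (`0xFFFFFFFF` for no limit, `0x4000` for the bare BPP). Because the vtables are filled in positionally, any BinaryPacketProtocolVtable definition this commit does not touch would leave the field zero-initialized, and the clamps in ssh2connection.c would then reduce `remmaxpkt` to 0; whether such a definition exists is not visible here. I would add `/* largest packet this BPP will carry; 0xFFFFFFFF = no special limit */` above the member so that a zero value reads as a mistake rather than as "unlimited". The struct definition starts outside the hunk.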