TLS socket in re-handshake state can cause large allocation in send #2859

@elcallio

If a TLS session enters into a re-handshake (such as session key refresh) at the same time as a large buffer is being sent, gnutls will bypass the normal breaking up of sent data into block-size (16k default) buffers, and cause an allocation of an intermediate buffer of + (see gnutls_record_send2, case RECORD_SEND_KEY_UPDATE_1).

To prevent this, we need to explicitly break up sent buffers into block-size parts, ensuring the intermediate alloc remains small-ish (taking large_allocation_warning_threshold into account).
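A sketch of the chunking the issue asks for, as an added example that is not code from this project or from gnutls: the caller splits the buffer so that no single send request exceeds the block size or the allocation warning threshold. The names `send_fn`, `chunk_limit`, `send_chunked` and `mock_session` are hypothetical, the threshold is passed in as a plain parameter, and the mock stands in for the TLS record send call.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <vector>

// Hypothetical stand-in for the TLS record send call: returns the number of
// bytes accepted (possibly fewer than requested) or a negative error code.
using send_fn = std::function<long(const char*, std::size_t)>;

// 16k default block size, as stated in the issue.
constexpr std::size_t tls_block_size = 16 * 1024;

// Largest piece handed to the TLS layer in one call: the block size, lowered
// further when the allocation warning threshold is smaller than a block.
inline std::size_t chunk_limit(std::size_t warn_threshold) {
    return std::max<std::size_t>(1, std::min(tls_block_size, warn_threshold));
}

// Send [data, data + len) in pieces of at most chunk_limit() bytes, so an
// intermediate copy made during a re-handshake is bounded by one chunk.
// Returns the total number of bytes sent, or the negative error from send.
inline long send_chunked(const char* data, std::size_t len,
                         std::size_t warn_threshold, const send_fn& send) {
    const std::size_t limit = chunk_limit(warn_threshold);
    std::size_t off = 0;
    while (off < len) {
        const std::size_t n = std::min(limit, len - off);
        const long r = send(data + off, n);
        if (r < 0) return r;   // propagate the error to the caller
        if (r == 0) break;     // no progress: report the partial total
        off += static_cast<std::size_t>(r);  // partial writes advance by r only
    }
    return static_cast<long>(off);
}

// Constructed mock session: records the largest single request it was given
// and accepts only half of every third request to exercise partial writes.
struct mock_session {
    std::size_t largest_request = 0, total = 0, calls = 0;
    long send(const char*, std::size_t n) {
        largest_request = std::max(largest_request, n);
        const std::size_t accepted = (++calls % 3 == 0) ? (n + 1) / 2 : n;
        total += accepted;
        return static_cast<long>(accepted);
    }
};
```
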
