diff --git a/testssl.sh b/testssl.sh
index 7647f11..609f09f 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11827,6 +11827,7 @@ socksend_tls_clienthello() {
           # then add a padding extension (see RFC 7685)
           len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2))
           "$offer_compression" && len_all+=2
+          [[ 0x$tls_low_byte -gt 0x03 ]] && len_all+=32 # TLSv1.3 ClientHello includes a 32-byte session id
           if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]] && [[ ! "$extra_extensions_list" =~ " 0015 " ]]; then
                if [[ $len_all -gt 508 ]]; then
                     len_padding_extension=1 # Final extension cannot be empty: see PR #792
@@ -11841,12 +11842,18 @@ socksend_tls_clienthello() {
                done
                len_extension=$len_extension+$len_padding_extension+0x4
                len_extension_hex=$(printf "%02x\n" $len_extension)
+          elif [[ ! "$extra_extensions_list" =~ " 0015 " ]] && ( [[ $((len_all%256)) -eq 10 ]] || [[ $((len_all%256)) -eq 14 ]] ); then
+               # Some servers fail if the length of the ClientHello is 522, 778, 1034, 1290, ... bytes.
+               # A few servers also fail if the length is 526, 782, 1038, 1294, ... bytes.
+               # So, if the ClientHello would be one of these length, add a 5-byte padding extension.
+               all_extensions="$all_extensions\\x00\\x15\\x00\\x01\\x00"
+               len_extension+=5
+               len_extension_hex=$(printf "%02x\n" $len_extension)
           fi
           len2twobytes "$len_extension_hex"
           all_extensions="
           ,$LEN_STR  # first the len of all extensions.
           ,$all_extensions"
-
      fi
 
      if [[ 0x$tls_low_byte -gt 0x03 ]]; then
@@ -14477,7 +14484,7 @@ run_grease() {
      local alpn_proto alpn alpn_list_len_hex extn_len_hex
      local selected_alpn_protocol grease_selected_alpn_protocol
      local ciph list temp curve_found
-     local -i i j rnd alpn_list_len extn_len debug_level=""
+     local -i i j rnd alpn_list_len extn_len base_len clienthello_len debug_level=""
      local -i ret=0
      # Note: The following values were taken from https://datatracker.ietf.org/doc/draft-ietf-tls-grease.
      # These arrays may need to be updated if the values change in the final version of this document.
@@ -14681,6 +14688,34 @@ run_grease() {
           fi
      fi
 
+     # Some servers fail if the length of the ClientHello is 522, 778, 1034, 1290, ... bytes.
+     # A few servers also fail if the length is 526, 782, 1038, 1294, ... bytes.
+     # So, send a number of ClientHello messages of extactly these lengths to see whether
+     # the connection fails.
+     if "$normal_hello_ok" && [[ "$proto" != "00" ]]; then
+          if [[ -z "$SNI" ]]; then
+               base_len=426
+          else
+               base_len=423+${#SNI}
+          fi
+          for clienthello_len in 522 526 778 782 1034 1290 1546 1802 2058; do
+               extn_len=$((clienthello_len-base_len))
+               extn=""
+               for (( i=0; i < extn_len; i++ )); do
+                    extn+=",00"
+               done
+               extn_len_hex=$(printf "%04x" $extn_len)
+               debugme echo -e "\nSending ClientHello with length $clienthello_len bytes"
+               tls_sockets "$proto" "$cipher_list" "" "00,15,${extn_len_hex:0:2},${extn_len_hex:2:2}${extn}"
+               success=$?
+               if [[ $success -ne 0 ]] && [[ $success -ne 2 ]]; then
+                    prln_svrty_medium " Server fails if ClientHello is $clienthello_len bytes in length."
+                    fileout "$jsonID" "CRITICAL" "Server fails if ClientHello is $clienthello_len bytes in length."
+                    bug_found=true
+               fi
+          done
+     fi
+
      # Check that server ignores unrecognized cipher suite values
      # see https://datatracker.ietf.org/doc/draft-ietf-tls-grease
      if "$normal_hello_ok"; then