diff --git a/payjoin-directory/src/lib.rs b/payjoin-directory/src/lib.rs
index c673127d..7600089b 100644
--- a/payjoin-directory/src/lib.rs
+++ b/payjoin-directory/src/lib.rs
@@ -23,7 +23,8 @@ pub const DEFAULT_DIR_PORT: u16 = 8080;
 pub const DEFAULT_DB_HOST: &str = "localhost:6379";
 pub const DEFAULT_TIMEOUT_SECS: u64 = 30;
 
-const MAX_BUFFER_SIZE: usize = 65536;
+const PADDED_BHTTP_BYTES: usize = 8192;
+const V1_MAX_BUFFER_SIZE: usize = 65536;
 
 const V1_REJECT_RES_JSON: &str =
     r#"{{"errorCode": "original-psbt-rejected ", "message": "Body is not a string"}}"#;
@@ -208,6 +209,7 @@ async fn handle_ohttp_gateway(
     bhttp_res
         .write_bhttp(bhttp::Mode::KnownLength, &mut bhttp_bytes)
         .map_err(|e| HandlerError::InternalServerError(e.into()))?;
+    bhttp_bytes.resize(PADDED_BHTTP_BYTES, 0);
     let ohttp_res = res_ctx
         .encapsulate(&bhttp_bytes)
         .map_err(|e| HandlerError::InternalServerError(e.into()))?;
@@ -323,7 +325,7 @@ async fn put_payjoin_v1(
     let id = decode_short_id(id)?;
     let req =
         body.collect().await.map_err(|e| HandlerError::InternalServerError(e.into()))?.to_bytes();
-    if req.len() > MAX_BUFFER_SIZE {
+    if req.len() > V1_MAX_BUFFER_SIZE {
         return Err(HandlerError::PayloadTooLarge);
     }
 
@@ -344,7 +346,7 @@ async fn post_subdir(
     let id = decode_short_id(id)?;
     let req =
         body.collect().await.map_err(|e| HandlerError::InternalServerError(e.into()))?.to_bytes();
-    if req.len() > MAX_BUFFER_SIZE {
+    if req.len() > V1_MAX_BUFFER_SIZE {
         return Err(HandlerError::PayloadTooLarge);
     }
 
diff --git a/payjoin/src/ohttp.rs b/payjoin/src/ohttp.rs
index 9bd7d147..2491cb21 100644
--- a/payjoin/src/ohttp.rs
+++ b/payjoin/src/ohttp.rs
@@ -4,6 +4,8 @@ use std::{error, fmt};
 use bitcoin::base64::prelude::BASE64_URL_SAFE_NO_PAD;
 use bitcoin::base64::Engine;
 
+pub const PADDED_MESSAGE_BYTES: usize = 8192;
+
 pub fn ohttp_encapsulate(
     ohttp_keys: &mut ohttp::KeyConfig,
     method: &str,
@@ -33,6 +35,7 @@ pub fn ohttp_encapsulate(
     }
     let mut bhttp_req = Vec::new();
     let _ = bhttp_message.write_bhttp(bhttp::Mode::KnownLength, &mut bhttp_req);
+    bhttp_req.resize(PADDED_MESSAGE_BYTES, 0);
     let encapsulated = ctx.encapsulate(&bhttp_req)?;
     Ok(encapsulated)
 }