As window updates are sent application-controlled when tcp_recved() is called,
the current altcp_tls implementation for mbedtls has a problem that it needs
TCP_WND to be > MBEDTLS_SSL_MAX_CONTENT_LEN or the connection may stall
because the remote side cannot send a whole decryption fragment.
Application-controlled window updates are still better, but maybe altcp_tls
connections need to override the announced window in this case (as the buffer
space is allocated by mbedtls anyway, not via lwIP pbufs).