The MTU for 802.11 is 2296 bytes. Does this mean that if TCP is used over 802.11, the MSS can only be 2296 - 40 = 2256? Can't one use a higher MSS which would then get fragmented over 802.11?
In short, is there a strict limit on the MSS for TCP?
The MTU for 802.11 is 2296 bytes.
Are you sure about that number? This answer says it's 2304.
Does this mean that if TCP is used over 802.11, the MSS can only be 2296 - 40 = 2256?
Assuming that the MTU is 2296, that's correct. You lose at least 20 bytes for an IPv4 header, and 20 more bytes (at least) on a TCP header.
Can't one use a higher MSS which would then get fragmented over 802.11?
Why would you want that? TCP implementations actively try to avoid IP fragmentation using MTU discovery. If a TCP segment is fragmented, and one of the fragments is lost or corrupted, the entire segment would have to be resent since TCP has no concept of IP fragmentation and as far as it is concerned, the whole segment was lost. In general, this is much more wasteful than sending smaller segments that wouldn't be fragmented. This is especially true in wireless networks where frames tend to become corrupt quite often.