diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 4327c7e6da5..be8ea534ee0 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1186,8 +1186,10 @@ timer:
 	 * This might not be the best thing to do according to RFC3390
 	 * Section 2. However the tcp hostcache migitates the problem
 	 * so it affects only the first tcp connection with a host.
+	 *
+	 * NB: Don't set DF on small MTU/MSS to have a safe fallback.
 	 */
-	if (V_path_mtu_discovery)
+	if (V_path_mtu_discovery && tp->t_maxopd > V_tcp_minmss)
 		ip->ip_off |= IP_DF;
 
 	error = ip_output(m, tp->t_inpcb->inp_options, NULL,
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index b2eaf20f38a..da478b3116b 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1339,11 +1339,9 @@ tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip)
 					    if (!mtu)
 						mtu = ip_next_mtu(ip->ip_len,
 						 1);
-					    if (mtu < max(296, V_tcp_minmss
-						 + sizeof(struct tcpiphdr)))
-						mtu = 0;
-					    if (!mtu)
-						mtu = V_tcp_mssdflt
+					    if (mtu < V_tcp_minmss
+						 + sizeof(struct tcpiphdr))
+						mtu = V_tcp_minmss
 						 + sizeof(struct tcpiphdr);
 					    /*
 					     * Only cache the the MTU if it