--- crypto/bio/bio.h	2011-12-02 13:23:57.000000000 +0100
+++ crypto/bio/bio.h	2012-03-07 11:57:05.000000000 +0100
@@ -145,6 +145,7 @@
 /* #endif */
 
 #define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
 #define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
 #define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
 					      * MTU. want to use this

--- crypto/bio/bss_dgram.c	2011-09-01 17:03:10.000000000 +0200
+++ crypto/bio/bss_dgram.c	2012-03-07 11:58:15.000000000 +0100
@@ -494,6 +494,9 @@
 		ret = 0;
 #endif
 		break;
+	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+		ret = 576 - 20 - 8;
+		break;
 	case BIO_CTRL_DGRAM_GET_MTU:
 		return data->mtu;
 		break;

--- ssl/d1_both.c	2011-10-27 15:06:26.000000000 +0200
+++ ssl/d1_both.c	2012-03-07 11:57:05.000000000 +0100
@@ -227,14 +227,14 @@
 	unsigned int len, frag_off, mac_size, blocksize;
 
 	/* AHA!  Figure out the MTU, and stick to the right size */
-	if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+	if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 		{
 		s->d1->mtu = 
 			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 
 		/* I've seen the kernel return bogus numbers when it doesn't know
 		 * (initial write), so just make sure we have a reasonable number */
-		if ( s->d1->mtu < dtls1_min_mtu())
+		if (s->d1->mtu < dtls1_min_mtu())
 			{
 			s->d1->mtu = 0;
 			s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);

--- ssl/d1_lib.c	2011-09-23 15:35:31.000000000 +0200
+++ ssl/d1_lib.c	2012-03-07 11:57:05.000000000 +0100
@@ -454,6 +454,11 @@
 		state->timeout.read_timeouts = 1;
 		}
 
+	if (state->timeout_duration > 2)
+		{
+		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
+		}
+
 	dtls1_start_timer(s);
 	return dtls1_retransmit_buffered_messages(s);
 	}