diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 8b81881c..63079562 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -325,11 +325,12 @@ int dtls1_do_write(SSL *s, int type) {
        * caused the failure -- so can't really retransmit anything.  continue
        * as if everything is fine and wait for an alert to handle the
        * retransmit. */
-      if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
+      if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) &&
+          BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
         s->d1->mtu =
             BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
       } else {
-        return (-1);
+        return -1;
       }
     } else {
       /* bad if this assert fails, only part of the handshake message got sent.
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 9fcc0501..d08b6bd9 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -356,7 +356,8 @@ int dtls1_check_timeout_num(SSL *s) {
   s->d1->timeout.num_alerts++;
 
   /* Reduce MTU after 2 unsuccessful retransmissions */
-  if (s->d1->timeout.num_alerts > 2) {
+  if (s->d1->timeout.num_alerts > 2 &&
+      !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
     s->d1->mtu =
         BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
   }