Only use the fallback mtu after 2 unsuccessful retransmissions if it is less

than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>