diff --git a/history.txt b/history.txt
index 55ad8510d6..a4e886ed1a 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,9 @@
+2022-09-23 zzz
+ * SSU2:
+   - Fail handshakes while inside sync
+   - Convert 1276 MTU to 1280 to workaround bug in 1.9.0
+   - Ensure min packet size for pings
+
 2022-09-20 zzz
  * i2ptunnel, eepget: Add support for SHA-256 digest proxy auth (RFC 7616)
 
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index f40f9f7a0c..837dbdd0fb 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Git";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 9;
+    public final static long BUILD = 10;
 
     /** for example "-test" */
     public final static String EXTRA = "";
diff --git a/router/java/src/net/i2p/router/transport/udp/PacketBuilder2.java b/router/java/src/net/i2p/router/transport/udp/PacketBuilder2.java
index 153f875f0e..798fee0097 100644
--- a/router/java/src/net/i2p/router/transport/udp/PacketBuilder2.java
+++ b/router/java/src/net/i2p/router/transport/udp/PacketBuilder2.java
@@ -328,6 +328,7 @@ class PacketBuilder2 {
         DatagramPacket pkt = packet.getPacket();
         byte data[] = pkt.getData();
         int off = SHORT_HEADER_SIZE;
+        // plenty of room
         Block block = getPadding(0, 1280);
         List<Block> blocks = Collections.singletonList(block);
         off += block.getTotalLength();
@@ -1144,12 +1145,17 @@ class PacketBuilder2 {
                 throw new IllegalArgumentException("Bad data msg", e);
             }
         }
-        pkt.setLength(len + MAC_LEN);
+        len += MAC_LEN;
+        pkt.setLength(len);
+        if (len < MIN_DATA_LEN)
+            _log.error("Packet too short " + len, new Exception());
         SSU2Header.encryptShortHeader(packet, hdrKey1, hdrKey2);
     }
 
     /**
      *  @param len current length of the packet including IP/UDP header
+     *             (unless header subtracted from max)
+     *             If len == 0 ensure 8 byte block minimum
      *  @param max max length of the packet
      *  @return null if no room
      */
@@ -1158,10 +1164,14 @@ class PacketBuilder2 {
         if (maxpadlen < 0)
             return null;
         int padlen;
-        if (maxpadlen == 0)
+        if (maxpadlen == 0) {
             padlen = 0;
-        else
+        } else {
             padlen = _context.random().nextInt(maxpadlen + 1);
+            // ping packets, ensure 40 byte minimum packet size
+            if (len == 0)
+                padlen += 5;
+        }
         return new SSU2Payload.PaddingBlock(padlen);
     }