Why is the "don't fragment" flag set in https and ssh protocols?

I've found a lot of information specifying that this is the case; however, I am really looking for the reason behind this. Why is it necessary? Is it necessary?


The DF flag instructs routers that would normally fragment the packet due to it being too large for a link's MTU (and potentially deliver it out of order due to that fragmentation) to instead drop the packet and return an ICMP Fragmentation Needed packet, allowing the sending host to account for the lower MTU on the path to the destination host. This process is called "Path MTU discovery".

It's generally better to leave PMTUD alone and let it do its work, as opposed to having your TCP stack deal with out-of-order fragments. However, in some cases (mainly when the necessary ICMP is blocked) PMTUD doesn't work, and the connection breaks.

That's when you'll want to have the DF flag unset - when PMTUD can't function properly and connection problems result.
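A small simulation of the behaviour described in this answer, added here as an example and not part of the original post. The three-hop path with link MTUs of 1500, 1400 and 1280 bytes is a constructed assumption; it shows DF-set discovery converging on the narrowest link, DF-clear delivery arriving as several fragments, and the black-hole case where filtered ICMP leaves the sender retransmitting a packet that can never get through.

```python
import math

# Constructed example: MTU of each link on the path, in bytes (assumed values,
# not from the original answer). The last hop is the narrowest link.
PATH_MTUS = [1500, 1400, 1280]


def forward(size, path_mtus, df, icmp_blocked):
    """Walk one IP packet hop by hop.

    Returns one of:
      ("delivered", fragments)   - arrived, possibly split into N fragments
      ("icmp_frag_needed", mtu)  - DF set: router dropped it and reported its link MTU
      ("blackholed", None)       - DF set, but the ICMP reply was filtered out
    """
    fragments = 1
    for mtu in path_mtus:
        if size > mtu:
            if not df:
                # DF clear: the router fragments, and later hops may fragment
                # again. Simplified count that ignores the IP header added to
                # each fragment.
                fragments *= math.ceil(size / mtu)
                size = mtu
                continue
            if icmp_blocked:
                return "blackholed", None
            return "icmp_frag_needed", mtu
    return "delivered", fragments


def send(size, path_mtus=PATH_MTUS, df=True, icmp_blocked=False, max_tries=5):
    """Deliver `size` bytes, lowering the path MTU on each ICMP Fragmentation Needed.

    Returns (delivered, learned_pmtu, attempts). With DF set and ICMP filtered
    the sender never learns the smaller MTU and keeps retransmitting until it
    gives up: the broken PMTUD case the answer describes.
    """
    pmtu = path_mtus[0]  # the sender only knows its own link MTU at first
    for attempt in range(1, max_tries + 1):
        status, info = forward(min(size, pmtu), path_mtus, df, icmp_blocked)
        if status == "delivered":
            return True, pmtu, attempt
        if status == "icmp_frag_needed":
            pmtu = info  # learn the narrower link and retry with a smaller packet
    return False, pmtu, max_tries
```

On a Linux host the same probe can be done by hand with `ping -M do -s <payload> <host>`, which sets DF and reports any Fragmentation Needed replies; if large probes simply time out while small ones succeed, ICMP is probably being filtered somewhere on the path.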