diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -624,12 +624,13 @@
 	SCH_LOCK_ASSERT(sch);
 
 	/*
-	 * Any RST to our SYN|ACK must not carry ACK, SYN or FIN flags.
-	 * See RFC 793 page 65, section SEGMENT ARRIVES.
+	 * Any RST to our SYN|ACK must not carry SYN or FIN flags.
+	 * See RFC 9293 section 3.10.7.4, check the RST bit after
+	 * acceptability tests.
 	 */
-	if (tcp_get_flags(th) & (TH_ACK|TH_SYN|TH_FIN)) {
+	if (tcp_get_flags(th) & (TH_SYN|TH_FIN)) {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
-			log(LOG_DEBUG, "%s; %s: Spurious RST with ACK, SYN or "
+			log(LOG_DEBUG, "%s; %s: Spurious RST with SYN or "
 			    "FIN flag set, segment ignored\n", s, __func__);
 		TCPSTAT_INC(tcps_badrst);
 		goto done;