Suraj: thank you. I am not using application-tracking:
root@a> show configuration security zones | display set | match application-tracking
Re MSS, I will perform your test. However, I do not believe I can have fragmentation. The external interfaces on both SRX devices is 1500 (and even the routers in between are at 1500 per traceroute). The st0 interfaces are set with MTU 1400. So I cannot imagine how en encrypted traffic could have packet sizes larger than 1500. Please stand by for test results...