diff --git a/module/os/freebsd/zfs/crypto_os.c b/module/os/freebsd/zfs/crypto_os.c
index fbf998416234..03d14ed7cf5c 100644
--- a/module/os/freebsd/zfs/crypto_os.c
+++ b/module/os/freebsd/zfs/crypto_os.c
@@ -293,8 +293,19 @@ freebsd_crypt_newsession(freebsd_crypt_session_t *sessp,
 		error = ENOTSUP;
 		goto bad;
 	}
-	error = crypto_newsession(&sessp->fs_sid, &csp,
-	    CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
+
+	/*
+	 * Disable the use of hardware drivers on FreeBSD 13 and later since
+	 * common crypto offload drivers impose constraints on AES-GCM AAD
+	 * lengths that make them unusable for ZFS, and we currently do not have
+	 * a mechanism to fall back to a software driver for requests not
+	 * handled by a hardware driver.
+	 *
+	 * On 12 we continue to permit the use of hardware drivers since
+	 * CPU-accelerated drivers such as aesni(4) register themselves as
+	 * hardware drivers.
+	 */
+	error = crypto_newsession(&sessp->fs_sid, &csp, CRYPTOCAP_F_SOFTWARE);
 	mtx_init(&sessp->fs_lock, "FreeBSD Cryptographic Session Lock",
 	    NULL, MTX_DEF);
 	crypt_sessions++;