diff --git a/offlineimap.conf b/offlineimap.conf
index 47256b4..c68cd84 100644
--- a/offlineimap.conf
+++ b/offlineimap.conf
@@ -610,6 +610,22 @@ type = IMAP
 remotehost = examplehost
 
 
+# This option stands in the [Repository RemoteExample] section.
+#
+# Whether or not to use STARTTLS. STARTTLS allows to upgrade a plain connection
+# to TLS or SSL after negociation with the server. While a server might pretend
+# to support STARTTLS, the communication might not be properly established or
+# the secure tunnel might be broken in some way. In this case you might want to
+# disable STARTTLS. Unless you hit issues with STARTTLS, you are strongly
+# encouraged to keep STARTTLS enabled.
+#
+# STARTTLS can be used even if the 'ssl' option is disabled.
+#
+# Default is yes.
+#
+#starttls = yes
+
+
 # This option stands in the [Repository RemoteExample] section.
 #
 # Whether or not to use SSL.
diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index 0363df2..5806ce3 100644
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -106,6 +106,7 @@ class IMAPServer(object):
         self.fingerprint = repos.get_ssl_fingerprint()
         self.sslversion = repos.getsslversion()
         self.tlslevel = repos.gettlslevel()
+        self.starttls = repos.getstarttls()
 
         self.oauth2_refresh_token = repos.getoauth2_refresh_token()
         self.oauth2_access_token = repos.getoauth2_access_token()
@@ -414,7 +415,7 @@ class IMAPServer(object):
 
             # TLS must be initiated before checking capabilities:
             # they could have been changed after STARTTLS.
-            if tryTLS and not tried_tls:
+            if tryTLS and self.starttls and not tried_tls:
                 tried_tls = True
                 self.__start_tls(imapobj)
 
diff --git a/offlineimap/repository/IMAP.py b/offlineimap/repository/IMAP.py
index 0138975..2ee3f3e 100644
--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@@ -261,6 +261,9 @@ class IMAPRepository(BaseRepository):
     def getsslversion(self):
         return self.getconf('ssl_version', None)
 
+    def getstarttls(self):
+        return self.getconfboolean('starttls', True)
+
     def get_ssl_fingerprint(self):
         """Return array of possible certificate fingerprints.