diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index fb28f76a..1398cece 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -802,6 +802,11 @@ def disconnected?
       return @sock.closed?
     end
 
+    # Returns true after the TLS negotiation has completed and the remote
+    # hostname has been verified.  This will still be false if TLS was
+    # established but peer verification was disabled.
+    def tls_verified?; @tls_verified end
+
     # Sends a {CAPABILITY command [IMAP4rev1 §6.1.1]}[https://www.rfc-editor.org/rfc/rfc3501#section-6.1.1]
     # and returns an array of capabilities that the server supports.  Each
     # capability is a string.
@@ -2222,6 +2227,7 @@ def initialize(host, port_or_options = {},
       @utf8_strings = false
       @open_timeout = options[:open_timeout] || 30
       @idle_response_timeout = options[:idle_response_timeout] || 5
+      @tls_verified = false
       @parser = ResponseParser.new
       @sock = tcp_socket(@host, @port)
       begin
@@ -2581,6 +2587,7 @@ def start_tls_session(params = {})
       ssl_socket_connect(@sock, @open_timeout)
       if context.verify_mode != VERIFY_NONE
         @sock.post_connection_check(@host)
+        @tls_verified = true
       end
     end