diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 47569738f0d..dfbf5f93249 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -773,6 +773,11 @@ def starttls(self, keyfile=None, certfile=None, context=None):
 self.ehlo_resp = None
 self.esmtp_features = {}
 self.does_esmtp = 0
+ else:
+ # RFC 3207:
+ # 501 Syntax error (no parameters allowed)
+ # 454 TLS not available due to temporary reason
+ raise SMTPResponseException(resp, reply)
 return (resp, reply)
 def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
diff --git a/Misc/NEWS b/Misc/NEWS
index acf1a2e760f..9dc0295ef31 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -41,6 +41,9 @@ Library
 - Issue #20508: Improve exception message of IPv{4,6}Network.__getitem__. Patch by Gareth Rees.
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
+ Oststrom
+
 - Issue #21386: Implement missing IPv4Address.is_global property. It was documented since 07a5610bae9d. Initial patch by Roger Luethi.
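Review bot: The comment in the new `else:` branch of starttls() names only the 501 and 454 replies from RFC 3207, but the branch raises SMTPResponseException for every reply the preceding check did not accept (that check sits above the hunk, presumably the 220 test), and it does not say why failing closed matters here. I would reword it along the lines of `# Any reply other than 220 means TLS was not negotiated; raise rather than return so callers that ignore the result cannot continue in plaintext.` and keep the two RFC codes as examples. Callers that previously inspected the returned tuple for a refusal now get an exception instead, so the method's docstring, which lies outside this hunk, should gain a line such as `Raises SMTPResponseException if the server does not accept STARTTLS.` The diff as shown carries no test for the refusal path; a regression test asserting the raise on a 454 reply would pin the fix.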