fixes #858 Document the TLS public API

This also includes a number of the documentation improvements.
The options document has been broken up into separate pages for
each of the transport specific options.  We have made various
other minor improvements, fixes to markup, and cross-references.

70 files changed, 2067 insertions, 387 deletions

diff --git a/docs/man/CMakeLists.txt b/docs/man/CMakeLists.txt
index b88a0ddd..9a2cc5dd 100644
--- a/docs/man/CMakeLists.txt
+++ b/docs/man/CMakeLists.txt
@@ -336,6 +336,7 @@ if (NNG_ENABLE_DOC)
     )
 
     set(NNG_MAN3TLS
+	nng_tls_close
 	nng_tls_config_alloc
 	nng_tls_config_auth_mode
 	nng_tls_config_ca_chain
@@ -345,6 +346,24 @@ if (NNG_ENABLE_DOC)
 	nng_tls_config_hold
 	nng_tls_config_own_cert
 	nng_tls_config_server_name
+	nng_tls_free
+	nng_tls_getopt
+	nng_tls_dialer_alloc
+	nng_tls_dialer_close
+	nng_tls_dialer_dial
+	nng_tls_dialer_free
+	nng_tls_dialer_getopt
+	nng_tls_dialer_setopt
+	nng_tls_listener_accept
+	nng_tls_listener_alloc
+	nng_tls_listener_close
+	nng_tls_listener_free
+	nng_tls_listener_getopt
+	nng_tls_listener_listen
+	nng_tls_listener_setopt
+	nng_tls_recv
+	nng_tls_send
+	nng_tls_setopt
     )
 
     set(NNG_MAN5
@@ -369,6 +388,18 @@ if (NNG_ENABLE_DOC)
 	nng_tcp
 	nng_tcp_dialer
 	nng_tcp_listener
+	nng_tcp_options
+
+	nng_ipc
+	nng_ipc_dialer
+	nng_ipc_listener
+	nng_ipc_options
+
+	nng_tls
+	nng_tls_config
+	nng_tls_dialer
+	nng_tls_listener
+	nng_tls_options
     )
 
     set(NNG_MAN7
diff --git a/docs/man/libnng.3.adoc b/docs/man/libnng.3.adoc
index 9747e060..49b9b78a 100644
--- a/docs/man/libnng.3.adoc
+++ b/docs/man/libnng.3.adoc
@@ -129,7 +129,7 @@ mode may need to access the header of messages.
 === Asynchronous Operations
 
 Most applications will interact with _nng_ synchronously; that is that
-functions such as `<<nng_send.3#,nng_send()>>` will block the calling
+functions such as <<nng_send.3#,`nng_send()`>> will block the calling
 thread until the operation has completed.
 
 NOTE: Synchronous operations which send messages may return before the
@@ -143,7 +143,7 @@ the calling thread.  When the operation is subsequently completed (regardless
 of whether this was successful or not), then a user supplied function
 ("`callback`") is executed.
 
-A context structure, an `<<nng_aio.5#,nng_aio>>`, is allocated and
+A context structure, an <<nng_aio.5#,`nng_aio`>>, is allocated and
 associated with each asynchronous operation.
 Only a single asynchronous operation may be associated with an
 `nng_aio` at any time.
@@ -437,12 +437,14 @@ These functions are intended for use with HTTP server applications.
 === TLS Configuration Objects
 
 The following functions are used to manipulate transport layer security
-(TLS) configuration objects.
+(TLS) configuration objects.  Most of these functions will not be used even
+by TLS applications.
 
 NOTE: These functions will only be present if the library has been built
 with TLS support.
 
 |===
+|<<nng_tls_close.3tls#,nng_tls_close()>>|close TLS connection
 |<<nng_tls_config_alloc.3tls#,nng_tls_config_alloc()>>|allocate TLS configuration
 |<<nng_tls_config_auth_mode.3tls#,nng_tls_config_auth_mode()>>|set authentication mode
 |<<nng_tls_config_ca_chain.3tls#,nng_tls_config_ca_chain()>>|set certificate authority chain
@@ -451,6 +453,24 @@ with TLS support.
 |<<nng_tls_config_own_cert.3tls#,nng_tls_config_own_cert()>>|set own certificate and key
 |<<nng_tls_config_free.3tls#,nng_tls_config_free()>>|free TLS configuration
 |<<nng_tls_config_server_name.3tls#,nng_tls_config_server_name()>>|set remote server name
+|<<nng_tls_dialer_alloc.3tls#,nng_tls_dialer_alloc()>>|allocate TLS dialer
+|<<nng_tls_dialer_close.3tls#,nng_tls_dialer_close()>>|close TLS dialer
+|<<nng_tls_dialer_dial.3tls#,nng_tls_dialer_dial()>>|initiate outgoing TLS connection
+|<<nng_tls_dialer_free.3tls#,nng_tls_dialer_free()>>|free TLS dialer
+|<<nng_tls_dialer_getopt.3tls#,nng_tls_dialer_getopt()>>|get option from TLS dialer
+|<<nng_tls_dialer_setopt.3tls#,nng_tls_dialer_setopt()>>|set option on TLS dialer
+|<<nng_tls_free.3tls#,nng_tls_free()>>|free TLS connection
+|<<nng_tls_getopt.3tls#,nng_tls_getopt()>>|get option from TLS connection
+|<<nng_tls_listener_accept.3tls#,nng_tls_listener_accept()>>|accept incoming TLS connection
+|<<nng_tls_listener_alloc.3tls#,nng_tls_listener_alloc()>>|allocate TLS listener
+|<<nng_tls_listener_close.3tls#,nng_tls_listener_close()>>|close TLS listener
+|<<nng_tls_listener_free.3tls#,nng_tls_listener_free()>>|free TLS listener
+|<<nng_tls_listener_getopt.3tls#,nng_tls_listener_getopt()>>|get option from TLS listener
+|<<nng_tls_listener_listen.3tls#,nng_tls_listener_listen()>>|bind TLS listener to port
+|<<nng_tls_listener_setopt.3tls#,nng_tls_listener_setopt()>>|set option on TLS listener
+|<<nng_tls_recv.3tls#,nng_tls_recv()>>|receive from TLS connection
+|<<nng_tls_send.3tls#,nng_tls_send()>>|send to TLS connection
+|<<nng_tls_setopt.3tls#,nng_tls_setopt()>>|set option on TLS connection
 |===
 
 
diff --git a/docs/man/man3ipc.desc b/docs/man/man3ipc.desc
new file mode 100644
index 00000000..c38f257e
--- /dev/null
+++ b/docs/man/man3ipc.desc
@@ -0,0 +1,5 @@
+This section documents supplemental TCP functions that are available.
+
+These functions are made available to facilitate using raw TCP connections
+with the NNG asynchronous I/O API.
+Most applications should never need to use these functions.
diff --git a/docs/man/man3ipc.sect b/docs/man/man3ipc.sect
new file mode 100644
index 00000000..ed1b8306
--- /dev/null
+++ b/docs/man/man3ipc.sect
@@ -0,0 +1 @@
+Supplemental TCP Functions
diff --git a/docs/man/nng.7.adoc b/docs/man/nng.7.adoc
index ab7c5687..082b74fd 100644
--- a/docs/man/nng.7.adoc
+++ b/docs/man/nng.7.adoc
@@ -1,6 +1,6 @@
 = nng(7)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -143,13 +143,13 @@ to and from the socket with no extra semantic handling.
 This is possible using "`raw`" mode sockets.
 
 Raw mode sockets are generally constructed with a different function,
-such as `<<nng_req_open.3#,nng_req0_open_raw()>>`.
+such as <<nng_req_open.3#,`nng_req0_open_raw()`>>.
 Using these sockets, the application can simply send and receive messages,
 and is responsible for supplying any additional socket semantics.
 Typically this means that the application will need to inspect message
 headers on incoming messages, and supply them on outgoing messages.
 
-TIP: The `<<nng_device.3#,nng_device()>>` function only works with raw mode
+TIP: The <<nng_device.3#,`nng_device()`>> function only works with raw mode
 sockets, but as it only forwards the messages, no additional application
 processing is needed.
 
diff --git a/docs/man/nng_ipc.5.adoc b/docs/man/nng_ipc.5.adoc
index 85f881c0..93a131e0 100644
--- a/docs/man/nng_ipc.5.adoc
+++ b/docs/man/nng_ipc.5.adoc
@@ -62,10 +62,10 @@ accessed using the <<nng_ipc_getopt.3ipc#,`nng_ipc_getopt()`>> and
 
 * <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
 * <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_GID,`NNG_OPT_IPC_PEER_GID`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_PID,`NNG_OPT_IPC_PEER_PID`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_UID,`NNG_OPT_IPC_PEER_UID`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_ZONEID,`NNG_OPT_IPC_PEER_ZONEID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_GID,`NNG_OPT_IPC_PEER_GID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_PID,`NNG_OPT_IPC_PEER_PID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_UID,`NNG_OPT_IPC_PEER_UID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_ZONEID,`NNG_OPT_IPC_PEER_ZONEID`>>
 
 Other platform specific options may be available as well.
 
@@ -81,5 +81,7 @@ Other platform specific options may be available as well.
 <<nng_ipc_recv.3ipc#,nng_ipc_recv(3ipc)>>,
 <<nng_ipc_send.3ipc#,nng_ipc_send(3ipc)>>,
 <<nng_ipc_setopt.3ipc#,nng_ipc_setopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
+<<nng_options.5#,nng_options(5)>>,
 <<nng.7#,nng(7)>>,
 <<nng_ipc.7#,nng_ipc(7)>>
diff --git a/docs/man/nng_ipc.7.adoc b/docs/man/nng_ipc.7.adoc
index 0ebf1d3d..eeaf5318 100644
--- a/docs/man/nng_ipc.7.adoc
+++ b/docs/man/nng_ipc.7.adoc
@@ -1,6 +1,6 @@
 = nng_ipc(7)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -65,91 +65,28 @@ longer than 128 bytes, including the `ipc://` prefix.
 
 === Socket Address
 
-When using an `<<nng_sockaddr.5#,nng_sockaddr>>` structure,
-the actual structure is of type `<<nng_sockaddr_ipc.5#,nng_sockaddr_ipc>>`.
+When using an <<nng_sockaddr.5#,`nng_sockaddr`>> structure,
+the actual structure is of type <<nng_sockaddr_ipc.5#,`nng_sockaddr_ipc`>>.
 
 === Transport Options
 
-((`NNG_OPT_IPC_PERMISSIONS`))::
+The following transport options are supported by this transport,
+where supported by the underlying platform.
 
-(`int`)
-This write-only option may be applied to a listener to configure the
-permissions that are used on the UNIX domain socket created by that listener.
-This property is only supported on POSIX systems.
-The value is of type `int`, representing the normal permission bits
-on a file, such as `0600` (typically meaning read-write to the owner, and
-no permissions for anyone else.)
-The default is system-specific, most often `0644`.
-
-IMPORTANT: Not all systems validate these permissions.
-In particular, illumos and Solaris are known to ignore these permission
-settings when connecting.
-
-NOTE: Normally both read and write permission will be necessary for a
-peer dialer to connect.
-See your system documentation for UNIX domain sockets for more information.
-
-NOTE: The _umask_ of the process is *not* applied to these bits.
-
-TIP: The best practice for limiting access is to place the socket in a
-directory writable only by the server, and only readable and searchable
-by clients.
-All mainstream POSIX systems will fail to permit a client to connect
-to a socket located in a directory for which the client lacks search (execute)
-permission.
-
-TIP: Also consider using the `NNG_OPT_IPC_PEER_UID` property from within a
-a pipe notification callback (`<<nng_pipe_notify.3#,nng_pipe_notify()>>`)
-to validate peer credentials.
-
-((`NNG_OPT_IPC_SECURITY_DESCRIPTOR`))::
-
-(`PSECURITY_DESCRIPTOR`)
-This write-only option may be used on listeners on Windows platforms to
-configure the `SECURITY_DESCRIPTOR` that is used when creating the underlying
-named pipe.
-The value is a pointer, `PSECURITY_DESCRIPTOR`, and may only be
-applied to listeners that have not been started yet.
-
-((`NNG_OPT_IPC_PEER_UID`))::
-
-(`uint64_t`)
-This read-only option may be read from a pipe to determine the peer user id.
-This is the effective user id of the peer when either the underlying
-`listen()` or `connect()` calls were made, and is not forgeable.
-This option is generally only available on POSIX systems.
-
-((`NNG_OPT_IPC_PEER_GID`))::
-
-(`uint64_t`)
-This read-only option may be read from a pipe to determine the peer primary
-group id.
-This is the effective group id of the peer when either the underlying
-`listen()` or `connect()` calls were made, and is not forgeable.
-This option is generally only available on POSIX systems.
-
-((`NNG_OPT_IPC_PEER_PID`))::
-
-(`uint64_t`)
-This read-only option may be read from a pipe to determine the process id
-of the peer.
-This option is only available on Windows, Linux, and certain other systems.
-
-NOTE: Applications should not assume that the process ID does not change,
-as it is possible (although unsupported!) for a nefarious process to pass a
-file descriptor between processes.
-However, it is not possible for a nefarious application to forge the identity
-of a well-behaved one using this method.
-
-((`NNG_OPT_IPC_PEER_ZONEID`))::
-
-(`uint64_t`)
-This read-only option may be read from a pipe to determine the zone id
-of the peer.
-Zones (and this option) are only supported on Solaris and illumos systems.
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_GID,`NNG_OPT_IPC_PEER_GID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_PID,`NNG_OPT_IPC_PEER_PID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_UID,`NNG_OPT_IPC_PEER_UID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_ZONEID,`NNG_OPT_IPC_PEER_ZONEID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PERMISSIONS,`NNG_OPT_IPC_PERMISSIONS`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_SECURITY_DESCRIPTOR,`NNG_OPT_IPC_SECURITY_DESCRIPTOR`>>
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+* <<nng_options.5#NNG_OPT_URL,`NNG_OPT_URL`>>
 
 == SEE ALSO
 
 [.text-left]
 <<nng_sockaddr.5#,nng_sockaddr(5)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
+<<nng_options.5#,nng_options(5)>>,
 <<nng.7#,nng(7)>>
diff --git a/docs/man/nng_ipc_dialer.5.adoc b/docs/man/nng_ipc_dialer.5.adoc
index 95f9d3ef..23eb1c55 100644
--- a/docs/man/nng_ipc_dialer.5.adoc
+++ b/docs/man/nng_ipc_dialer.5.adoc
@@ -28,7 +28,7 @@ typedef struct nng_ipc_dialer_s nng_ipc_dialer;
 
 (((IPC, dialer)))
 An `nng_ipc_dialer` is a handle to an IPC "`dialer`", which is responsible for
-creating a connections (<<nng_ipc.5#,`nng_ipc`>> objects) by connecting to
+creating connections (<<nng_ipc.5#,`nng_ipc`>> objects) by connecting to
 remote systems.
 
 NOTE: The `nng_ipc_dialer` object is used for raw IPC connections, and
@@ -46,5 +46,6 @@ TIP: Most NNG applications should not use this, but instead use the
 <<nng_ipc_dialer_dial.3ipc#,nng_ipc_dialer_dial(3ipc)>>,
 <<nng_ipc_dialer_free.3ipc#,nng_ipc_dialer_free(3ipc)>>,
 <<nng_ipc.5#,nng_ipc(5)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_ipc_listener.5#,nng_ipc_listener(5)>>,
 <<nng_ipc.7#,nng_ipc(7)>>
diff --git a/docs/man/nng_ipc_dialer_dial.3ipc.adoc b/docs/man/nng_ipc_dialer_dial.3ipc.adoc
index c2c18266..09d4dc02 100644
--- a/docs/man/nng_ipc_dialer_dial.3ipc.adoc
+++ b/docs/man/nng_ipc_dialer_dial.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_dialer_dial(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -47,8 +47,8 @@ None.
 `NNG_EADDRINVAL`:: The address specified is invalid.
 `NNG_ECANCELED`:: The operation was aborted.
 `NNG_ECLOSED`:: The dialer is closed.
-`NNG_ECONNREFUSED`:: The IPC connection was refused by the server.
-`NNG_ECONNRESET`:: The IPC connection was reset by the server.
+`NNG_ECONNREFUSED`:: The connection was refused by the server.
+`NNG_ECONNRESET`:: The connection was reset by the server.
 `NNG_ENOMEM`:: Insufficient free memory exists.
 `NNG_EPERM`:: Insufficient permission to access the IPC path.
 
diff --git a/docs/man/nng_ipc_dialer_free.3ipc.adoc b/docs/man/nng_ipc_dialer_free.3ipc.adoc
index eaf0f5a1..ff2bf025 100644
--- a/docs/man/nng_ipc_dialer_free.3ipc.adoc
+++ b/docs/man/nng_ipc_dialer_free.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_dialer_free(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -29,7 +29,7 @@ void nng_ipc_dialer_free(nng_ipc_dialer *d);
 The `nng_ipc_dialer_free()` function closes the supplied IPC dialer _d_,
 and frees the underlying resources associated with it.
 
-If any <<nng_ipc_dialer_dial.3#,dial>> operations
+If any <<nng_ipc_dialer_dial.3ipc#,dial>> operations
  using _d_ are
 in progress, they will be terminated with an `NNG_ECLOSED` error condition.
 
diff --git a/docs/man/nng_ipc_dialer_getopt.3ipc.adoc b/docs/man/nng_ipc_dialer_getopt.3ipc.adoc
index b6b457d0..4a480bb5 100644
--- a/docs/man/nng_ipc_dialer_getopt.3ipc.adoc
+++ b/docs/man/nng_ipc_dialer_getopt.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_dialer_getopt(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -57,6 +57,7 @@ This function returns 0 on success, and non-zero otherwise.
 [.text-left]
 <<nng_ipc_dialer_setopt.3ipc#,nng_ipc_dialer_setopt(3ipc)>>,
 <<nng_ipc_getopt.3ipc#,nng_ipc_getopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_options.5#,nng_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_ipc.5#,nng_ipc(5)>>,
diff --git a/docs/man/nng_ipc_dialer_setopt.3ipc.adoc b/docs/man/nng_ipc_dialer_setopt.3ipc.adoc
index 6a78296f..03f45023 100644
--- a/docs/man/nng_ipc_dialer_setopt.3ipc.adoc
+++ b/docs/man/nng_ipc_dialer_setopt.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_dialer_setopt(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -52,6 +52,7 @@ This function returns 0 on success, and non-zero otherwise.
 [.text-left]
 <<nng_ipc_dialer_getopt.3ipc#,nng_ipc_dialer_getopt(3ipc)>>,
 <<nng_ipc_setopt.3ipc#,nng_ipc_setopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_options.5#,nng_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_ipc.5#,nng_ipc(5)>>,
diff --git a/docs/man/nng_ipc_getopt.3ipc.adoc b/docs/man/nng_ipc_getopt.3ipc.adoc
index 1436e94f..d197e93e 100644
--- a/docs/man/nng_ipc_getopt.3ipc.adoc
+++ b/docs/man/nng_ipc_getopt.3ipc.adoc
@@ -40,10 +40,10 @@ at the location of _sizep_.
 
 The options specifically suppported for retrieval from IPC connections are:
 
-* <<nng_options.5#NNG_OPT_IPC_PEER_GID,`NNG_OPT_IPC_PEER_GID`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_PID,`NNG_OPT_IPC_PEER_PID`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_UID,`NNG_OPT_IPC_PEER_UID`>>
-* <<nng_options.5#NNG_OPT_IPC_PEER_ZONEID,`NNG_OPT_IPC_PEER_ZONEID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_GID,`NNG_OPT_IPC_PEER_GID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_PID,`NNG_OPT_IPC_PEER_PID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_UID,`NNG_OPT_IPC_PEER_UID`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PEER_ZONEID,`NNG_OPT_IPC_PEER_ZONEID`>>
 * <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
 * <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
 
@@ -64,6 +64,7 @@ This function returns 0 on success, and non-zero otherwise.
 
 [.text-left]
 <<nng_ipc_setopt.3ipc#,nng_ipc_setopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_options.5#,nng_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_ipc.5#,nng_ipc(5)>>
diff --git a/docs/man/nng_ipc_listener.5.adoc b/docs/man/nng_ipc_listener.5.adoc
index ba90fba3..1d748efc 100644
--- a/docs/man/nng_ipc_listener.5.adoc
+++ b/docs/man/nng_ipc_listener.5.adoc
@@ -48,4 +48,5 @@ TIP: Most NNG applications should not use this, but instead use the
 <<nng_ipc_listener_listen.3ipc#,nng_ipc_listener_listen(3ipc)>>,
 <<nng_ipc.5#,nng_ipc(5)>>,
 <<nng_ipc_dialer.5#,nng_ipc_dialer(5)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_ipc.7#,nng_ipc(7)>>
diff --git a/docs/man/nng_ipc_listener_accept.3ipc.adoc b/docs/man/nng_ipc_listener_accept.3ipc.adoc
index b5fa7377..573539a8 100644
--- a/docs/man/nng_ipc_listener_accept.3ipc.adoc
+++ b/docs/man/nng_ipc_listener_accept.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_listener_accept(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -46,7 +46,7 @@ None.
 [horizontal]
 `NNG_ECANCELED`:: The operation was aborted.
 `NNG_ECLOSED`:: The listener is closed.
-`NNG_ECONNRESET`:: The IPC connection was reset by the peer.
+`NNG_ECONNRESET`:: The connection was reset by the peer.
 `NNG_ENOMEM`:: Insufficient free memory exists.
 `NNG_ESTATE`:: The listener is not not listening.
 
diff --git a/docs/man/nng_ipc_listener_close.3ipc.adoc b/docs/man/nng_ipc_listener_close.3ipc.adoc
index ba7238ae..8e27abde 100644
--- a/docs/man/nng_ipc_listener_close.3ipc.adoc
+++ b/docs/man/nng_ipc_listener_close.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_listener_close(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -11,21 +11,21 @@
 
 == NAME
 
-nng_ipc_listener_close - close TCP listener
+nng_ipc_listener_close - close IPC listener
 
 == SYNOPSIS
 
 [source, c]
 ----
 #include <nng/nng.h>
-#include <nng/supplemental/tcp/tcp.h>
+#include <nng/supplemental/ipc/ipc.h>
 
 void nng_ipc_listener_close(nng_ipc_listener *l);
 ----
 
 == DESCRIPTION
 
-The `nng_ipc_listener_close()` function closes the supplied TCP listener _l_,
+The `nng_ipc_listener_close()` function closes the supplied IPC listener _l_,
 but does not free the underlying resources associated with it.
 
 If any <<nng_ipc_listener_accept.3ipc#,accept>> operations using _l_
diff --git a/docs/man/nng_ipc_listener_free.3ipc.adoc b/docs/man/nng_ipc_listener_free.3ipc.adoc
index f3b856c8..a90bcca5 100644
--- a/docs/man/nng_ipc_listener_free.3ipc.adoc
+++ b/docs/man/nng_ipc_listener_free.3ipc.adoc
@@ -1,6 +1,6 @@
-= nng_ipc_listener_free(3tcp)
+= nng_ipc_listener_free(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -29,7 +29,7 @@ void nng_ipc_listener_free(nng_ipc_listener *l);
 The `nng_ipc_listener_free()` function closes the supplied IPC listener _l_,
 and frees the underlying resources associated with it.
 
-If any <<nng_ipc_listener_accept.3tcp#,accept>> operations using _l_
+If any <<nng_ipc_listener_accept.3ipc#,accept>> operations using _l_
 are in progress, they will be terminated with an `NNG_ECLOSED` error condition.
 
 WARNING: It is important that the application ensure that no further accesses
@@ -47,6 +47,6 @@ None.
 
 [.text-left]
 <<nng_strerror.3#,nng_strerror(3)>>,
-<<nng_ipc_listener_alloc.3tcp#,nng_ipc_listener_alloc(3tcp)>>,
-<<nng_ipc_listener_close.3tcp#,nng_ipc_listener_close(3tcp)>>,
+<<nng_ipc_listener_alloc.3ipc#,nng_ipc_listener_alloc(3ipc)>>,
+<<nng_ipc_listener_close.3ipc#,nng_ipc_listener_close(3ipc)>>,
 <<nng_ipc_listener.5#,nng_ipc_listener(5)>>
diff --git a/docs/man/nng_ipc_listener_getopt.3ipc.adoc b/docs/man/nng_ipc_listener_getopt.3ipc.adoc
index 86366556..f5e47ede 100644
--- a/docs/man/nng_ipc_listener_getopt.3ipc.adoc
+++ b/docs/man/nng_ipc_listener_getopt.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_listener_getopt(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -12,14 +12,14 @@
 
 == NAME
 
-nng_ipc_listener_getopt - get option from TCP listener
+nng_ipc_listener_getopt - get option from IPC listener
 
 == SYNOPSIS
 
 [source, c]
 ----
 #include <nng/nng.h>
-#include <nng/supplemental/tcp/tcp.h>
+#include <nng/supplemental/ipc/ipc.h>
 
 int nng_ipc_listener_getopt(nng_ipc_listener *l, const char *name, void *data, size_t *sizep);
 ----
@@ -59,6 +59,7 @@ This function returns 0 on success, and non-zero otherwise.
 [.text-left]
 <<nng_ipc_listener_setopt.3ipc#,nng_ipc_listener_setopt(3ipc)>>,
 <<nng_ipc_getopt.3ipc#,nng_ipc_getopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_options.5#,nng_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_ipc.5#,nng_ipc(5)>>,
diff --git a/docs/man/nng_ipc_listener_setopt.3ipc.adoc b/docs/man/nng_ipc_listener_setopt.3ipc.adoc
index 7b4be712..0f627eab 100644
--- a/docs/man/nng_ipc_listener_setopt.3ipc.adoc
+++ b/docs/man/nng_ipc_listener_setopt.3ipc.adoc
@@ -35,8 +35,8 @@ in length.
 
 The options specifically suppported for modification on IPC listeners are:
 
-* <<nng_options.5#NNG_OPT_IPC_PERMISSIONS,`NNG_OPT_IPC_PERMISSIONS`>>
-* <<nng_options.5#NNG_OPT_IPC_SECURITY_DESCRIPTOR,`NNG_OPT_IPC_SECURITY_DESCRIPTOR`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_PERMISSIONS,`NNG_OPT_IPC_PERMISSIONS`>>
+* <<nng_ipc_options.5#NNG_OPT_IPC_SECURITY_DESCRIPTOR,`NNG_OPT_IPC_SECURITY_DESCRIPTOR`>>
 
 NOTE: Availability of the above options is platform-specific.
 
@@ -57,6 +57,7 @@ This function returns 0 on success, and non-zero otherwise.
 [.text-left]
 <<nng_ipc_listener_getopt.3ipc#,nng_ipc_listener_getopt(3ipc)>>,
 <<nng_ipc_setopt.3ipc#,nng_ipc_setopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_options.5#,nng_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_ipc.5#,nng_ipc(5)>>,
diff --git a/docs/man/nng_ipc_options.5.adoc b/docs/man/nng_ipc_options.5.adoc
new file mode 100644
index 00000000..ab00b993
--- /dev/null
+++ b/docs/man/nng_ipc_options.5.adoc
@@ -0,0 +1,136 @@
+= nng_ipc_options(5)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_ipc_options - IPC-specific options
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+
+#define NNG_OPT_IPC_PEER_GID            "ipc:peer-gid"
+#define NNG_OPT_IPC_PEER_PID            "ipc:peer-pid"
+#define NNG_OPT_IPC_PEER_UID            "ipc:peer-uid"
+#define NNG_OPT_IPC_PEER_ZONEID         "ipc:peer-zoneid"
+#define NNG_OPT_IPC_PERMISSIONS         "ipc:permissions"
+#define NNG_OPT_IPC_SECURITY_DESCRIPTOR "ipc:security-descriptor"
+----
+
+== DESCRIPTION
+
+This page documents the various standard options that can be set or
+retrieved on objects using IPC in the _nng_ library.
+
+The option names should always be used by their symbolic definitions.
+
+In the following list of options, the name of the option is supplied,
+along with the data type of the underlying value.
+
+Some options are only meaningful or supported in certain contexts, or may
+have other access restrictions.
+An attempt has been made to include details about such restrictions in the
+description of the option.
+
+NOTE: The availability of any of the following options is platform-specific,
+as the implementations of IPC are quite different on Windows and POSIX systems.
+
+=== IPC Options
+
+[[NNG_OPT_IPC_PEER_GID]]((`NNG_OPT_IPC_PEER_GID`))::
+(`uint64_t`)
+This read-only option provides a connected peer's primary
+group id.
+This is the effective group id of the peer when either the underlying
+`listen()` or `connect()` calls were made, and is not forgeable.
+This option is generally only available on POSIX systems.
+
+[[NNG_OPT_IPC_PEER_PID]]((`NNG_OPT_IPC_PEER_PID`))::
+(`uint64_t`)
+This read-only option provides the the process id
+of the connected peer.
+This option is only available on Windows, Linux, and certain other systems.
++
+NOTE: Applications should not assume that the process ID does not change,
+as it is possible (although unsupported!) for a nefarious process to pass a
+file descriptor between processes.
+However, it is not possible for a nefarious application to forge the identity
+of a well-behaved one using this method.
+
+[[NNG_OPT_IPC_PEER_UID]]((`NNG_OPT_IPC_PEER_UID`))::
+(`uint64_t`)
+This read-only option provides a connected peer's user id.
+This is the effective user id of the peer when either the underlying
+`listen()` or `connect()` calls were made, and is not forgeable.
+This option is generally only available on POSIX systems.
+
+[[NNG_OPT_IPC_PEER_ZONEID]]((`NNG_OPT_IPC_PEER_ZONEID`))::
+(`uint64_t`)
+This read-only option provides a connected peer's the zone id.
+Zones (and this option) are only supported on Solaris and illumos systems.
+
+[[NNG_OPT_IPC_PERMISSIONS]]((`NNG_OPT_IPC_PERMISSIONS`))::
+(`int`)
+This write-only option may be applied to a listener to configure the
+permissions that are used on the UNIX domain socket created by that listener.
+This property is only supported on POSIX systems.
+The value is of type `int`, representing the normal permission bits
+on a file, such as `0600` (typically meaning read-write to the owner, and
+no permissions for anyone else.)
+The default is system-specific, most often `0644`.
++
+IMPORTANT: Not all systems validate these permissions.
+In particular, illumos and Solaris are known to ignore these permission
+settings when connecting.
++
+NOTE: Normally both read and write permission will be necessary for a
+peer dialer to connect.
+See your system documentation for UNIX domain sockets for more information.
++
+NOTE: The _umask_ of the process is *not* applied to these bits.
++
+TIP: The best practice for limiting access is to place the socket in a
+directory writable only by the server, and only readable and searchable
+by clients.
+All mainstream POSIX systems will fail to permit a client to connect
+to a socket located in a directory for which the client lacks search (execute)
+permission.
+
+[[NNG_OPT_IPC_SECURITY_DESCRIPTOR]]((`NNG_OPT_IPC_SECURITY_DESCRIPTOR`))::
+(`PSECURITY_DESCRIPTOR`)
+This write-only option may be used on listeners on Windows platforms to
+configure the `SECURITY_DESCRIPTOR` that is used when creating the underlying
+named pipe.
+The value is a pointer, `PSECURITY_DESCRIPTOR`, and may only be
+applied to listeners that have not been started yet.
+
+=== Inherited Options
+
+Generally, the following option values are also available for TLS objects,
+when appropriate for the context:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+
+== SEE ALSO
+
+[.text-left]
+<<nng_ipc_dialer_getopt.3ipc#,nng_ipc_dialer_getopt(3ipc)>>,
+<<nng_ipc_dialer_setopt.3ipc#,nng_ipc_dialer_setopt(3ipc)>>,
+<<nng_ipc_getopt.3ipc#,nng_ipc_getopt(3ipc)>>,
+<<nng_ipc_listener_getopt.3ipc#,nng_ipc_listener_getopt(3ipc)>>,
+<<nng_ipc_listener_setopt.3ipc#,nng_ipc_listener_setopt(3ipc)>>,
+<<nng_ipc_setopt.3ipc#,nng_ipc_setopt(3ipc)>>,
+<<nng_options.5#,nng_options(5)>>
+<<nng.7#,nng(7)>>
diff --git a/docs/man/nng_ipc_setopt.3ipc.adoc b/docs/man/nng_ipc_setopt.3ipc.adoc
index 86dcbc40..b22bda98 100644
--- a/docs/man/nng_ipc_setopt.3ipc.adoc
+++ b/docs/man/nng_ipc_setopt.3ipc.adoc
@@ -1,6 +1,6 @@
 = nng_ipc_setopt(3ipc)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 // Copyright 2019 Devolutions <info@devolutions.net>
 //
@@ -19,7 +19,7 @@ nng_ipc_setopt - set option on IPC connection
 [source, c]
 ----
 #include <nng/nng.h>
-#include <nng/supplemental/tcp/tcp.h>
+#include <nng/supplemental/ipc/ipc.h>
 
 int nng_ipc_setopt(nng_ipc *conn, const char *name, const void *data, size_t size);
 ----
@@ -51,6 +51,7 @@ This function returns 0 on success, and non-zero otherwise.
 
 [.text-left]
 <<nng_ipc_getopt.3ipc#,nng_ipc_getopt(3ipc)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
 <<nng_options.5#,nng_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_ipc.5#,nng_ipc(5)>>
diff --git a/docs/man/nng_msg.5.adoc b/docs/man/nng_msg.5.adoc
index 69789560..b4c776c3 100644
--- a/docs/man/nng_msg.5.adoc
+++ b/docs/man/nng_msg.5.adoc
@@ -1,6 +1,6 @@
-= nng_msg_alloc(3)
+= nng_msg(5)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -34,8 +34,8 @@ TIP: Using the message-oriented functions in the <<nng.7#,_nng_>> API is
 a good way to reduce the likelihood of data copies and improve application
 performance.
 
-Messages are allocated using the `<<nng_msg_alloc.3#,nng_msg_alloc()>>`
-function, and are deallocated using the `<<nng_msg_free.3#,nng_msg_free()>>`
+Messages are allocated using the <<nng_msg_alloc.3#,`nng_msg_alloc()`>>
+function, and are deallocated using the <<nng_msg_free.3#,`nng_msg_free()`>>
 function.
 
 In addition there are other functions used to access message contents,
diff --git a/docs/man/nng_options.5.adoc b/docs/man/nng_options.5.adoc
index 6b8a09f3..dd5f50eb 100644
--- a/docs/man/nng_options.5.adoc
+++ b/docs/man/nng_options.5.adoc
@@ -39,8 +39,6 @@ nng_options - socket, dialer, listener, and pipe options
 #define NNG_OPT_RECVMAXSZ     "recv-size-max"
 #define NNG_OPT_RECONNMINT    "reconnect-time-min"
 #define NNG_OPT_RECONNMAXT    "reconnect-time-max"
-#define NNG_OPT_TCP_NODELAY   "tcp-nodelay"
-#define NNG_OPT_TCP_KEEPALIVE "tcp-keepalive"
 ----
 
 == DESCRIPTION
@@ -87,7 +85,6 @@ description of the option.
 (<<nng_sockaddr.5#,`nng_sockaddr`>>)
 This read-only option may be used on listeners, dialers and connected pipes, and
 represents the local address used for communication.
-+
 NOTE: Not all transports support this option, and some transports may support it on
 listeners but not dialers.
 +
@@ -320,133 +317,6 @@ This read-only option is used to obtain the name of the socket's protocol.
 This read-only option is used to obtain the name of the peer protocol for
 the socket.
 
-=== TCP Options
-
-The following options are generally application to objects making use of
-TCP/IP communications.
-
-[[NNG_OPT_TCP_NODELAY]]
-((`NNG_OPT_TCP_NODELAY`))::
-(`bool`)
-This option is used to disable (or enable) the use of ((Nagle's algorithm))
-for TCP connections.
-+
-NOTE: This setting may apply to transports that are built on top of TCP.
-See the transport documentation for each transport for details.
-+
-When `true` (the default), messages are sent immediately by the underlying
-TCP stream without waiting to gather more data.
-+
-When `false`, Nagle's algorithm is enabled, and the TCP stream may
-wait briefly in attempt to coalesce messages.
-Nagle's algorithm is useful on low-bandwidth connections to reduce overhead,
-but it comes at a cost to latency.
-+
-When used on a dialer or a listener, the value affects how newly
-created connections will be configured.
-
-[[NNG_OPT_TCP_KEEPALIVE]]
-((`NNG_OPT_TCP_KEEPALIVE`))::
-(`bool`)
-This option is used to enable the sending of keep-alive messages on
-the underlying TCP stream.
-This option is `false` by default.
-+
-NOTE: This setting may apply to transports that are built on top of TCP.
-See the transport documentation for each transport for details.
-+
-When enabled, if no messages are seen for a period of time, then
-a zero length TCP message is sent with the ACK flag set in an attempt
-to tickle some traffic from the peer.
-If none is still seen (after some platform-specific number of retries and
-timeouts), then the remote peer is presumed dead, and the connection is closed.
-+
-When used on a dialer or a listener, the value affects how newly
-created connections will be configured.
-+
-TIP: This option has two purposes.
-First, it can be used to detect dead peers on an otherwise quiescent network.
-Second, it can be used to keep connection table entries in NAT and other
-middleware from being expiring due to lack of activity.
-
-=== IPC Options
-
-The following options are meaningful for IPC communications.
-
-NOTE: Most of these options are platform-specific, and may not be available
-on every platform.
-
-[[NNG_OPT_IPC_PEER_GID]]((`NNG_OPT_IPC_PEER_GID`))::
-(`uint64_t`)
-This read-only option provides a connected peer's primary
-group id.
-This is the effective group id of the peer when either the underlying
-`listen()` or `connect()` calls were made, and is not forgeable.
-This option is generally only available on POSIX systems.
-
-[[NNG_OPT_IPC_PEER_PID]]((`NNG_OPT_IPC_PEER_PID`))::
-(`uint64_t`)
-This read-only option provides the the process id
-of the connected peer.
-This option is only available on Windows, Linux, and certain other systems.
-+
-NOTE: Applications should not assume that the process ID does not change,
-as it is possible (although unsupported!) for a nefarious process to pass a
-file descriptor between processes.
-However, it is not possible for a nefarious application to forge the identity
-of a well-behaved one using this method.
-
-[[NNG_OPT_IPC_PEER_UID]]((`NNG_OPT_IPC_PEER_UID`))::
-(`uint64_t`)
-This read-only option provides a connected peer's user id.
-This is the effective user id of the peer when either the underlying
-`listen()` or `connect()` calls were made, and is not forgeable.
-This option is generally only available on POSIX systems.
-
-[[NNG_OPT_IPC_PEER_ZONEID]]((`NNG_OPT_IPC_PEER_ZONEID`))::
-(`uint64_t`)
-This read-only option provides a connected peer's the zone id.
-Zones (and this option) are only supported on Solaris and illumos systems.
-
-[[NNG_OPT_IPC_PERMISSIONS]]((`NNG_OPT_IPC_PERMISSIONS`))::
-(`int`)
-This write-only option may be applied to a listener to configure the
-permissions that are used on the UNIX domain socket created by that listener.
-This property is only supported on POSIX systems.
-The value is of type `int`, representing the normal permission bits
-on a file, such as `0600` (typically meaning read-write to the owner, and
-no permissions for anyone else.)
-The default is system-specific, most often `0644`.
-+
-IMPORTANT: Not all systems validate these permissions.
-In particular, illumos and Solaris are known to ignore these permission
-settings when connecting.
-+
-NOTE: Normally both read and write permission will be necessary for a
-peer dialer to connect.
-See your system documentation for UNIX domain sockets for more information.
-+
-NOTE: The _umask_ of the process is *not* applied to these bits.
-+
-TIP: The best practice for limiting access is to place the socket in a
-directory writable only by the server, and only readable and searchable
-by clients.
-All mainstream POSIX systems will fail to permit a client to connect
-to a socket located in a directory for which the client lacks search (execute)
-permission.
-+
-TIP: Also consider using the `NNG_OPT_IPC_PEER_UID` property from within a
-a pipe notification callback (`<<nng_pipe_notify.3#,nng_pipe_notify()>>`)
-to validate peer credentials.
-
-[[NNG_OPT_IPC_SECURITY_DESCRIPTOR]]((`NNG_OPT_IPC_SECURITY_DESCRIPTOR`))::
-(`PSECURITY_DESCRIPTOR`)
-This write-only option may be used on listeners on Windows platforms to
-configure the `SECURITY_DESCRIPTOR` that is used when creating the underlying
-named pipe.
-The value is a pointer, `PSECURITY_DESCRIPTOR`, and may only be
-applied to listeners that have not been started yet.
-
 == SEE ALSO
 
 [.text-left]
@@ -457,4 +327,7 @@ applied to listeners that have not been started yet.
 <<nng_listener_setopt.3#,nng_listener_setopt(3)>>,
 <<nng_pipe_getopt.3#,nng_pipe_getopt(3)>>,
 <<nng_setopt.3#,nng_setopt(3)>>,
+<<nng_ipc_options.5#,nng_ipc_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>,
 <<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tcp.5.adoc b/docs/man/nng_tcp.5.adoc
index 7bf0a82f..b06901b6 100644
--- a/docs/man/nng_tcp.5.adoc
+++ b/docs/man/nng_tcp.5.adoc
@@ -61,8 +61,8 @@ accessed using the <<nng_tcp_getopt.3tcp#,`nng_tcp_getopt()`>> and
 
 * <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
 * <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NO_DELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NO_DELAY,`NNG_OPT_TCP_NODELAY`>>
 
 Other platform specific options may be available as well.
 
@@ -78,4 +78,6 @@ Other platform specific options may be available as well.
 <<nng_tcp_recv.3tcp#,nng_tcp_recv(3tcp)>>,
 <<nng_tcp_send.3tcp#,nng_tcp_send(3tcp)>>,
 <<nng_tcp_setopt.3tcp#,nng_tcp_setopt(3tcp)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
 <<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tcp.7.adoc b/docs/man/nng_tcp.7.adoc
index fb3e22be..6091609b 100644
--- a/docs/man/nng_tcp.7.adoc
+++ b/docs/man/nng_tcp.7.adoc
@@ -1,6 +1,6 @@
 = nng_tcp(7)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -82,30 +82,29 @@ The entire URI must be less than `NNG_MAXADDRLEN` bytes long.
 
 === Socket Address
 
-When using an `<<nng_sockaddr.5#,nng_sockaddr>>` structure,
+When using an <<nng_sockaddr.5#,`nng_sockaddr`>> structure,
 the actual structure is either of type
-`<<nng_sockaddr_in.5#,nng_sockaddr_in>>` (for IPv4) or
-`<<nng_sockaddr_in6.5#,nng_sockaddr_in6>>` (for IPv6).
+<<nng_sockaddr_in.5#,`nng_sockaddr_in`>> (for IPv4) or
+<<nng_sockaddr_in6.5#,`nng_sockaddr_in6`>> (for IPv6).
 
 === Transport Options
 
-((`NNG_OPT_TCP_KEEPALIVE`))::
-(`bool`) Enable TCP keep-alives, defaults to `false`.
+The following transport options are supported by this transport,
+where supported by the underlying platform.
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_options.5#NNG_OPT_URL,`NNG_OPT_URL`>>
 
-((`NNG_OPT_TCP_NODELAY`))::
-(`bool`) Disable Nagle's algorithm.
-When enabled (`false`), the underlying TCP stream will attempt
-to buffer and coalesce messages before sending them on, waiting
-a short interval to improve buffering and reduce the overhead
-caused by sending too-small messages.
-This comes at a cost to latency, and is not recommended with modern
-high speed networks.
-Defaults to `true`.
 
 == SEE ALSO
 
 [.text-left]
+<<nng_options.5#,nng_options(5)>>,
 <<nng_sockaddr.5#,nng_sockaddr(5)>>,
 <<nng_sockaddr_in.5#,nng_sockaddr_in(5)>>,
 <<nng_sockaddr_in6.5#,nng_sockaddr_in6(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
 <<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tcp_close.3tcp.adoc b/docs/man/nng_tcp_close.3tcp.adoc
index 6428501c..5e68398b 100644
--- a/docs/man/nng_tcp_close.3tcp.adoc
+++ b/docs/man/nng_tcp_close.3tcp.adoc
@@ -1,6 +1,6 @@
 = nng_tcp_close(3tcp)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -27,8 +27,8 @@ void nng_tcp_close(nng_tcp *conn);
 
 The `nng_tcp_close()` function closes the supplied TCP connection, _conn_.
 
-If any operations are pending (such as `<<nng_tcp_send.3tcp#,nng_tcp_send()>>`
-or `<<nng_tcp_recv.3tcp#,nng_tcp_recv()>>` they will be terminated with
+If any operations are pending (such as <<nng_tcp_send.3tcp#,`nng_tcp_send()`>>
+or <<nng_tcp_recv.3tcp#,`nng_tcp_recv()`>> they will be terminated with
 an `NNG_ECLOSED` error condition.
 Also, any new operations will fail with `NNG_ECLOSED` after the connection
 is closed.
@@ -40,7 +40,7 @@ have completely transmitted.
 
 NOTE: Closing the connection does not free the resources associated with it.
 Once it is certain that no more operations are pending on the connection,
-it should be freed with `<<nng_tcp_free.3tcp#,nng_tcp_free()>>`.
+it should be freed with <<nng_tcp_free.3tcp#,`nng_tcp_free()`>>.
 
 == RETURN VALUES
 
diff --git a/docs/man/nng_tcp_dialer.5.adoc b/docs/man/nng_tcp_dialer.5.adoc
index 99df685d..651afd02 100644
--- a/docs/man/nng_tcp_dialer.5.adoc
+++ b/docs/man/nng_tcp_dialer.5.adoc
@@ -1,6 +1,6 @@
 = nng_tcp_dialer(5)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -27,7 +27,7 @@ typedef struct nng_tcp_dialer_s nng_tcp_dialer;
 
 (((TCP, dialer)))
 An `nng_tcp_dialer` is a handle to a TCP "`dialer`", which is responsible for
-creating a connections (`<<nng_tcp.5#,nng_tcp>>` objects) by connecting to
+creating connections (<<nng_tcp.5#,`nng_tcp`>> objects) by connecting to
 remote systems.
 
 NOTE: The `nng_tcp_dialer` object is used for raw TCP connections, and
@@ -35,7 +35,7 @@ should not be confused with a dialer object created using the
 <<nng_tcp.7#,nng_tcp(7)>> transport.
 
 TIP: Most NNG applications should not use this, but instead use the
-`<<nng_tcp.7#,nng_tcp>>` transport instead.
+<<nng_tcp.7#,`nng_tcp`>> transport instead.
 
 == SEE ALSO
 
diff --git a/docs/man/nng_tcp_dialer_alloc.3tcp.adoc b/docs/man/nng_tcp_dialer_alloc.3tcp.adoc
index 4d06900e..3e215695 100644
--- a/docs/man/nng_tcp_dialer_alloc.3tcp.adoc
+++ b/docs/man/nng_tcp_dialer_alloc.3tcp.adoc
@@ -41,8 +41,10 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_dialer_close.3tcp#,nng_tcp_dialer_close(3tcp)>>,
 <<nng_tcp_dialer_dial.3tcp#,nng_tcp_dialer_dial(3tcp)>>,
 <<nng_tcp_dialer_free.3tcp#,nng_tcp_dialer_free(3tcp)>>,
-<<nng_tcp_dialer.5#,nng_tcp_dialer(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>
+<<nng_tcp_dialer_getopt.3tcp#,nng_tcp_dialer_getopt(3tcp)>>,
+<<nng_tcp_dialer_setopt.3tcp#,nng_tcp_dialer_setopt(3tcp)>>,
+<<nng_tcp_dialer.5#,nng_tcp_dialer(5)>>
diff --git a/docs/man/nng_tcp_dialer_dial.3tcp.adoc b/docs/man/nng_tcp_dialer_dial.3tcp.adoc
index 66893f93..3f0c8ba6 100644
--- a/docs/man/nng_tcp_dialer_dial.3tcp.adoc
+++ b/docs/man/nng_tcp_dialer_dial.3tcp.adoc
@@ -1,6 +1,6 @@
 = nng_tcp_dialer_dial(3tcp)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -33,8 +33,8 @@ The address _sa_ must be in the `NNG_AF_INET` or `NNG_AF_INET6` families,
 and have a valid IPv4 or IPv6 address and TCP port number.
 
 If a connection is successfully established, the _aio_ will have the
-resulting `<<nng_tcp.5#,nng_tcp>>` stored as its first output.
-(See `<<nng_aio_get_output.3#,nng_aio_get_output()>>`.)
+resulting <<nng_tcp.5#,`nng_tcp`>> stored as its first output.
+(See <<nng_aio_get_output.3#,`nng_aio_get_output()`>>.)
 
 == RETURN VALUES
 
@@ -46,8 +46,8 @@ None.
 `NNG_EADDRINVAL`:: The address specified is invalid.
 `NNG_ECANCELED`:: The operation was aborted.
 `NNG_ECLOSED`:: The dialer is closed.
-`NNG_ECONNREFUSED`:: The TCP connection was refused by the server.
-`NNG_ECONNRESET`:: The TCP connection was reset by the server.
+`NNG_ECONNREFUSED`:: The connection was refused by the server.
+`NNG_ECONNRESET`:: The connection was reset by the server.
 `NNG_ENOMEM`:: Insufficient free memory exists.
 
 == SEE ALSO
diff --git a/docs/man/nng_tcp_dialer_getopt.3tcp.adoc b/docs/man/nng_tcp_dialer_getopt.3tcp.adoc
index dca43ade..b99b17eb 100644
--- a/docs/man/nng_tcp_dialer_getopt.3tcp.adoc
+++ b/docs/man/nng_tcp_dialer_getopt.3tcp.adoc
@@ -26,7 +26,8 @@ int nng_tcp_getopt(nng_tcp_dialer *d, const char *name, void *data, size_t *size
 
 == DESCRIPTION
 
-The `nng_tcp_dialer_getopt()` is used to retrieve the value of the option _name_ for the <<nng_tcp_dialer.5#,TCP dialer>> _d_.
+The `nng_tcp_dialer_getopt()` is used to retrieve the value of the option _name_
+for the <<nng_tcp_dialer.5#,TCP dialer>> _d_.
 The size of the buffer located at _data_ to receive the copy is passed by the
 caller at the location referenced by _sizep_.
 If this size is sufficient to hold the entire object, the object is copied into
@@ -40,8 +41,8 @@ at the location of _sizep_.
 The options specifically suppported for retrieval from TCP dialers are:
 
 * <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
 
 == RETURN VALUES
 
@@ -59,9 +60,10 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_dialer_setopt.3tcp#,nng_tcp_dialer_setopt(3tcp)>>,
 <<nng_tcp_getopt.3tcp#,nng_tcp_getopt(3tcp)>>,
 <<nng_options.5#,nng_options(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
 <<nng_tcp.5#,nng_tcp(5)>>,
 <<nng_tcp_dialer.5#,nng_tcp_dialer(5)>>
diff --git a/docs/man/nng_tcp_dialer_setopt.3tcp.adoc b/docs/man/nng_tcp_dialer_setopt.3tcp.adoc
index 567291a7..ae06cc3c 100644
--- a/docs/man/nng_tcp_dialer_setopt.3tcp.adoc
+++ b/docs/man/nng_tcp_dialer_setopt.3tcp.adoc
@@ -35,9 +35,9 @@ in length.
 
 The options specifically suppported for modification on TCP dialers are:
 
-* <<nng_options.5#NNG_OPT_TCP_LOCADDR,`NNG_OPT_LOCADDR`>>
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
 
 == RETURN VALUES
 
@@ -54,9 +54,10 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_dialer_getopt.3tcp#,nng_tcp_dialer_getopt(3tcp)>>,
 <<nng_tcp_setopt.3tcp#,nng_tcp_setopt(3tcp)>>,
 <<nng_options.5#,nng_options(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
 <<nng_tcp.5#,nng_tcp(5)>>,
 <<nng_tcp_dialer.5#,nng_tcp_dialer(5)>>
diff --git a/docs/man/nng_tcp_free.3tcp.adoc b/docs/man/nng_tcp_free.3tcp.adoc
index 3a9f5ff1..c87380cd 100644
--- a/docs/man/nng_tcp_free.3tcp.adoc
+++ b/docs/man/nng_tcp_free.3tcp.adoc
@@ -28,8 +28,8 @@ void nng_tcp_free(nng_tcp *conn);
 The `nng_tcp_free()` function closes the supplied TCP connection, _conn_,
 and frees the underlying resources associated with it.
 
-If any operations are pending (such as `<<nng_tcp_send.3tcp#,nng_tcp_send()>>`
-or `<<nng_tcp_recv.3tcp#,nng_tcp_recv()>>` they will be terminated with
+If any operations are pending (such as <<nng_tcp_send.3tcp#,`nng_tcp_send()`>>
+or <<nng_tcp_recv.3tcp#,`nng_tcp_recv()`>> they will be terminated with
 an `NNG_ECLOSED` error condition.
 
 WARNING: It is important that the application ensure that no further accesses
diff --git a/docs/man/nng_tcp_getopt.3tcp.adoc b/docs/man/nng_tcp_getopt.3tcp.adoc
index db08598b..f785791b 100644
--- a/docs/man/nng_tcp_getopt.3tcp.adoc
+++ b/docs/man/nng_tcp_getopt.3tcp.adoc
@@ -42,8 +42,8 @@ The options specifically suppported for retrieval from TCP connections are:
 
 * <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
 * <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
 
 == RETURN VALUES
 
@@ -61,7 +61,8 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_setopt.3tcp#,nng_tcp_setopt(3tcp)>>,
 <<nng_options.5#,nng_options(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
 <<nng_tcp.5#,nng_tcp(5)>>
diff --git a/docs/man/nng_tcp_listener.5.adoc b/docs/man/nng_tcp_listener.5.adoc
index f616d321..ffa6fb53 100644
--- a/docs/man/nng_tcp_listener.5.adoc
+++ b/docs/man/nng_tcp_listener.5.adoc
@@ -44,7 +44,9 @@ TIP: Most NNG applications should not use this, but instead use the
 <<nng_tcp_listener_alloc.3tcp#,nng_tcp_listener_alloc(3tcp)>>,
 <<nng_tcp_listener_close.3tcp#,nng_tcp_listener_close(3tcp)>>,
 <<nng_tcp_listener_free.3tcp#,nng_tcp_listener_free(3tcp)>>,
+<<nng_tcp_listener_getopt.3tcp#,nng_tcp_listener_getopt(3tcp)>>,
 <<nng_tcp_listener_listen.3tcp#,nng_tcp_listener_listen(3tcp)>>,
+<<nng_tcp_listener_setopt.3tcp#,nng_tcp_listener_setopt(3tcp)>>,
 <<nng_tcp.5#,nng_tcp(5)>>,
 <<nng_tcp_dialer.5#,nng_tcp_dialer(5)>>,
 <<nng_tcp.7#,nng_tcp(7)>>
diff --git a/docs/man/nng_tcp_listener_accept.3tcp.adoc b/docs/man/nng_tcp_listener_accept.3tcp.adoc
index e0c5f27b..a50d709e 100644
--- a/docs/man/nng_tcp_listener_accept.3tcp.adoc
+++ b/docs/man/nng_tcp_listener_accept.3tcp.adoc
@@ -33,13 +33,13 @@ This operation can only be done after the listener is already bound to
 a TCP port and is <<nng_tcp_listener_listen.3tcp#,listening>>.
 
 If a connection is successfully established, the _aio_ will have the
-resulting `<<nng_tcp.5#,nng_tcp>>` stored as its first output.
-(See `<<nng_aio_get_output.3#,nng_aio_get_output()>>`.)
+resulting <<nng_tcp.5#,`nng_tcp`>> stored as its first output.
+(See <<nng_aio_get_output.3#,`nng_aio_get_output()`>>.)
 
 The address of the remote peer can be determined using the
 <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>> option with the
 <<nng_tcp_getopt.3tcp#,`nng_tcp_getopt()`>> function on the
-returned `<<nng_tcp.5#,nng_tcp>>`.
+returned <<nng_tcp.5#,`nng_tcp`>>.
 
 == RETURN VALUES
 
diff --git a/docs/man/nng_tcp_listener_alloc.3tcp.adoc b/docs/man/nng_tcp_listener_alloc.3tcp.adoc
index 14276824..718ac7a5 100644
--- a/docs/man/nng_tcp_listener_alloc.3tcp.adoc
+++ b/docs/man/nng_tcp_listener_alloc.3tcp.adoc
@@ -41,9 +41,11 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_listener_accept.3tcp#,nng_tcp_listener_accept(3tcp)>>,
 <<nng_tcp_listener_close.3tcp#,nng_tcp_listener_close(3tcp)>>,
 <<nng_tcp_listener_free.3tcp#,nng_tcp_listener_free(3tcp)>>,
+<<nng_tcp_listener_getopt.3tcp#,nng_tcp_listener_getopt(3tcp)>>,
 <<nng_tcp_listener_listen.3tcp#,nng_tcp_listener_listen(3tcp)>>,
-<<nng_tcp_listener.5#,nng_tcp_listener(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>
+<<nng_tcp_listener_setopt.3tcp#,nng_tcp_listener_setopt(3tcp)>>,
+<<nng_tcp_listener.5#,nng_tcp_listener(5)>>
diff --git a/docs/man/nng_tcp_listener_getopt.3tcp.adoc b/docs/man/nng_tcp_listener_getopt.3tcp.adoc
index 8f39c8bd..29a34192 100644
--- a/docs/man/nng_tcp_listener_getopt.3tcp.adoc
+++ b/docs/man/nng_tcp_listener_getopt.3tcp.adoc
@@ -40,8 +40,8 @@ at the location of _sizep_.
 The options specifically suppported for retrieval from TCP listeners are:
 
 * <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
 
 == RETURN VALUES
 
@@ -59,9 +59,11 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_listener_setopt.3tcp#,nng_tcp_listener_setopt(3tcp)>>,
 <<nng_tcp_getopt.3tcp#,nng_tcp_getopt(3tcp)>>,
 <<nng_options.5#,nng_options(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp.5#,nng_tcp(5)>>,
-<<nng_tcp_listener.5#,nng_tcp_listener(5)>>
+<<nng_tcp_listener.5#,nng_tcp_listener(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>
+
diff --git a/docs/man/nng_tcp_listener_setopt.3tcp.adoc b/docs/man/nng_tcp_listener_setopt.3tcp.adoc
index 15aa4e1f..7e69c472 100644
--- a/docs/man/nng_tcp_listener_setopt.3tcp.adoc
+++ b/docs/man/nng_tcp_listener_setopt.3tcp.adoc
@@ -35,8 +35,8 @@ in length.
 
 The options specifically suppported for modification on TCP listeners are:
 
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
 
 == RETURN VALUES
 
@@ -53,9 +53,10 @@ This function returns 0 on success, and non-zero otherwise.
 == SEE ALSO
 
 [.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_listener_getopt.3tcp#,nng_tcp_listener_getopt(3tcp)>>,
 <<nng_tcp_setopt.3tcp#,nng_tcp_setopt(3tcp)>>,
 <<nng_options.5#,nng_options(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp.5#,nng_tcp(5)>>,
-<<nng_tcp_listener.5#,nng_tcp_listener(5)>>
+<<nng_tcp_listener.5#,nng_tcp_listener(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>
diff --git a/docs/man/nng_tcp_options.5.adoc b/docs/man/nng_tcp_options.5.adoc
new file mode 100644
index 00000000..f16af5ea
--- /dev/null
+++ b/docs/man/nng_tcp_options.5.adoc
@@ -0,0 +1,110 @@
+= nng_tcp_options(5)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tcp_options - TTCP-specific options
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+
+
+#define NNG_OPT_TCP_NODELAY   "tcp-nodelay"
+#define NNG_OPT_TCP_KEEPALIVE "tcp-keepalive"
+----
+
+== DESCRIPTION
+
+This page documents the various standard options that can be set or
+retrieved on objects using TCP in the _nng_ library.
+
+The option names should always be used by their symbolic definitions.
+
+In the following list of options, the name of the option is supplied,
+along with the data type of the underlying value.
+
+Some options are only meaningful or supported in certain contexts, or may
+have other access restrictions.
+An attempt has been made to include details about such restrictions in the
+description of the option.
+
+The following options are generally application to objects making use of
+TCP/IP communications.
+
+=== TCP Options
+
+[[NNG_OPT_TCP_NODELAY]]
+((`NNG_OPT_TCP_NODELAY`))::
+(`bool`)
+This option is used to disable (or enable) the use of ((Nagle's algorithm))
+for TCP connections.
++
+NOTE: This setting may apply to transports that are built on top of TCP.
+See the transport documentation for each transport for details.
++
+When `true` (the default), messages are sent immediately by the underlying
+TCP stream without waiting to gather more data.
++
+When `false`, Nagle's algorithm is enabled, and the TCP stream may
+wait briefly in attempt to coalesce messages.
+Nagle's algorithm is useful on low-bandwidth connections to reduce overhead,
+but it comes at a cost to latency.
++
+When used on a dialer or a listener, the value affects how newly
+created connections will be configured.
+
+[[NNG_OPT_TCP_KEEPALIVE]]
+((`NNG_OPT_TCP_KEEPALIVE`))::
+(`bool`)
+This option is used to enable the sending of keep-alive messages on
+the underlying TCP stream.
+This option is `false` by default.
++
+NOTE: This setting may apply to transports that are built on top of TCP.
+See the transport documentation for each transport for details.
++
+When enabled, if no messages are seen for a period of time, then
+a zero length TCP message is sent with the ACK flag set in an attempt
+to tickle some traffic from the peer.
+If none is still seen (after some platform-specific number of retries and
+timeouts), then the remote peer is presumed dead, and the connection is closed.
++
+When used on a dialer or a listener, the value affects how newly
+created connections will be configured.
++
+TIP: This option has two purposes.
+First, it can be used to detect dead peers on an otherwise quiescent network.
+Second, it can be used to keep connection table entries in NAT and other
+middleware from being expiring due to lack of activity.
+
+=== Inherited Options
+
+Generally, the following option values are also available for TCP objects,
+when appropriate for the context:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+
+== SEE ALSO
+
+[.text-left]
+<<nng_tcp_dialer_getopt.3tcp#,nng_tcp_dialer_getopt(3tcp)>>,
+<<nng_tcp_dialer_setopt.3tcp#,nng_tcp_dialer_setopt(3tcp)>>,
+<<nng_tcp_getopt.3tcp#,nng_tcp_getopt(3tcp)>>,
+<<nng_tcp_listener_getopt.3tcp#,nng_tcp_listener_getopt(3tcp)>>,
+<<nng_tcp_listener_setopt.3tcp#,nng_tcp_listener_setopt(3tcp)>>,
+<<nng_tcp_setopt.3tcp#,nng_tcp_setopt(3tcp)>>,
+<<nng_options.5#,nng_options(5)>>
+<<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tcp_recv.3tcp.adoc b/docs/man/nng_tcp_recv.3tcp.adoc
index 5db9ea52..787ebfd3 100644
--- a/docs/man/nng_tcp_recv.3tcp.adoc
+++ b/docs/man/nng_tcp_recv.3tcp.adoc
@@ -1,6 +1,6 @@
 = nng_tcp_recv(3tcp)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -29,20 +29,20 @@ The `nng_tcp_recv()` function starts an asynchronous receive from the
 TCP connection _conn_, into the scatter/gather vector located in the
 asynchronous I/O structure _aio_.
 
-NOTE: The `<<nng_aio_set_iov.3#,nng_aio_set_iov()>>` function must have been
+NOTE: The <<nng_aio_set_iov.3#,`nng_aio_set_iov()`>> function must have been
 called first, to set the scatter/gather vector for _aio_.
 
 This function returns immediately, with no return value.
 Completion of the operation is signaled via the _aio_,
 and the final result may be obtained via
-`<<nng_aio_result.3#,nng_aio_result()>>`.
+<<nng_aio_result.3#,`nng_aio_result()`>>.
 That result will either be zero or an error code.
 
 The I/O operation completes as soon as at least one byte has been
 received, or an error has occurred.
 Therefore, the number of bytes read may be less than requested.
 The actual number of bytes read can be determined with
-`<<nng_aio_count.3#,nng_aio_count()>>`.
+<<nng_aio_count.3#,`nng_aio_count()`>>.
 
 NOTE: While TCP has the notion of urgent (out-of-band) delivery, that is
 used by very few protocols and this API does not support it.
@@ -68,7 +68,7 @@ None.
 <<nng_aio_count.3#,nng_aio_count(3)>>,
 <<nng_aio_result.3#,nng_aio_result(3)>>,
 <<nng_aio_set_iov.3#,nng_aio_set_iov(3)>>,
+<<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp_close.3tcp#,nng_tcp_close(3tcp)>>,
 <<nng_tcp_send.3tcp#,nng_tcp_send(3tcp)>>,
-<<nng_tcp.5#,nng_tcp(5)>>,
-<<nng_strerror.3#,nng_strerror(3)>>
+<<nng_tcp.5#,nng_tcp(5)>>
diff --git a/docs/man/nng_tcp_send.3tcp.adoc b/docs/man/nng_tcp_send.3tcp.adoc
index 723781d5..806dd9c0 100644
--- a/docs/man/nng_tcp_send.3tcp.adoc
+++ b/docs/man/nng_tcp_send.3tcp.adoc
@@ -29,19 +29,19 @@ The `nng_tcp_send()` function starts an asynchronous send over the
 TCP connection _conn_ from the scatter/gather vector located in the
 asynchronous I/O structure _aio_.
 
-NOTE: The `<<nng_aio_set_iov.3#,nng_aio_set_iov()>>` function must have been
+NOTE: The <<nng_aio_set_iov.3#,`nng_aio_set_iov()`>> function must have been
 called first, to set the scatter/gather vector for _aio_.
 
 This function returns immediately, with no return value.
 Completion of the operation is signaled via the _aio_, and the final
-result may be obtained via `<<nng_aio_result.3#,nng_aio_result()>>`.
+result may be obtained via <<nng_aio_result.3#,`nng_aio_result()`>>.
 That result will either be zero or an error code.
 
 The I/O operation completes as soon as at least one byte has been
 sent, or an error has occurred.
 Therefore, the number of bytes sent may be less than requested.
 The actual number of bytes sent can be determined with
-`<<nng_aio_count.3#,nng_aio_count()>>`.
+<<nng_aio_count.3#,`nng_aio_count()`>>.
 
 NOTE: While TCP has the notion of urgent (out-of-band) delivery, that is
 used by very few protocols and this API does not support it.
diff --git a/docs/man/nng_tcp_setopt.3tcp.adoc b/docs/man/nng_tcp_setopt.3tcp.adoc
index 9debd3ef..b47bf62e 100644
--- a/docs/man/nng_tcp_setopt.3tcp.adoc
+++ b/docs/man/nng_tcp_setopt.3tcp.adoc
@@ -36,8 +36,8 @@ in length.
 The options specifically suppported for modification on TCP
 connections are:
 
-* <<nng_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
-* <<nng_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
 
 == RETURN VALUES
 
@@ -56,5 +56,6 @@ This function returns 0 on success, and non-zero otherwise.
 [.text-left]
 <<nng_tcp_getopt.3tcp#,nng_tcp_getopt(3tcp)>>,
 <<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
 <<nng_strerror.3#,nng_strerror(3)>>,
 <<nng_tcp.5#,nng_tcp(5)>>
diff --git a/docs/man/nng_tls.5.adoc b/docs/man/nng_tls.5.adoc
new file mode 100644
index 00000000..3e10f315
--- /dev/null
+++ b/docs/man/nng_tls.5.adoc
@@ -0,0 +1,86 @@
+= nng_tls(5)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls - TLS over TCP connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+typedef struct nng_tls_s nng_tls;
+----
+
+== DESCRIPTION
+
+An `nng_tls` (((TLS connection))) represents a connected stream.
+TLS stream objects can be used to send or receive data, and
+provide transport level security via cryptography over a TCP connected
+stream.
+
+NOTE: The `nng_tls` object is used for raw TLS connections, and
+should not be confused with a pipe object created using the
+<<nng_tls.7#,nng_tls(7)>> transport.
+
+TIP: Most NNG applications should not use this, but instead use the
+<<nng_tls.7#,nng_tls(7)>> transport instead.
+
+These objects are created either establishing an outgoing connection
+with <<nng_tls_dialer_dial.3tls#,`nng_tls_dialer_dial()`>> or by
+accepting in incoming connection with
+<<nng_tls_listener_accept.3tls#,`nng_tls_listener_accept()`>>.
+
+TLS connections are byte streams, and are "`reliable`" in that data
+will not be delivered out of order, or with portions missing.
+
+Data can be sent using <<nng_tls_send.3tls#,`nng_tls_send()`>> or
+received with <<nng_tls_recv.3tls#,`nng_tls_recv()`>>.
+
+When the connection is no longer needed, it should be freed with
+<<nng_tls_free.3tls#,`nng_tls_free()`>>.
+
+TIP: It is possible to close the connection, without freeing it, by
+using <<nng_tls_close.3tls#,`nng_tls_close()`>>.
+
+=== Options
+
+The following options are applicable to TLS connections, and may be
+accessed using the <<nng_tls_getopt.3tls#,`nng_tls_getopt()`>> and
+<<nng_tls_setopt.3tls#,`nng_tls_setopt()`>> functions.
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NO_DELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_VERIFIED,`NNG_OPT_TLS_VERIFIED`>>
+
+Other platform specific options may be available as well.
+
+== SEE ALSO
+
+[.text-left]
+<<libnng.3#,libnng(3)>>,
+<<nng_tls_close.3tls#,nng_tls_close(3tls)>>,
+<<nng_tls_dialer_dial.3tls#,nng_tls_dialer_dial(3tls)>>,
+<<nng_tls_free.3tls#,nng_tls_free(3tls)>>,
+<<nng_tls_getopt.3tls#,nng_tls_getopt(3tls)>>,
+<<nng_tls_listener_accept.3tls#,nng_tls_listener_accept(3tls)>>,
+<<nng_tls_recv.3tls#,nng_tls_recv(3tls)>>,
+<<nng_tls_send.3tls#,nng_tls_send(3tls)>>,
+<<nng_tls_setopt.3tls#,nng_tls_setopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>,
+<<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tls.7.adoc b/docs/man/nng_tls.7.adoc
index 06e6f1c4..f2db7035 100644
--- a/docs/man/nng_tls.7.adoc
+++ b/docs/man/nng_tls.7.adoc
@@ -1,6 +1,6 @@
 = nng_tls(7)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -38,7 +38,7 @@ http://nanomsg.org/rfcs/sp-tls-v1.html[TLS Mapping for Scalability Protocols].
 
 Depending upon how the library was built, it may be necessary to
 register the transport by calling
-`<<nng_tls_register.3#,nng_tls_register()>>`.
+<<nng_tls_register.3#,`nng_tls_register()`>>.
 
 === Availability
 
@@ -108,68 +108,35 @@ The entire URI must be less than `NNG_MAXADDRLEN` bytes long.
 
 === Socket Address
 
-When using an `<<nng_sockaddr.5#,nng_sockaddr>>` structure,
+When using an <<nng_sockaddr.5#,`nng_sockaddr`>> structure,
 the actual structure is either of type
-`<<nng_sockaddr_in.5#,nng_sockaddr_in>>` (for IPv4) or
-`<<nng_sockaddr_in6.5#,nng_sockaddr_in6>>` (for IPv6).
+<<nng_sockaddr_in.5#,`nng_sockaddr_in`>> (for IPv4) or
+<<nng_sockaddr_in6.5#,`nng_sockaddr_in6`>> (for IPv6).
 
 === Transport Options
 
 The following transport options are available.
 Note that setting these must be done before the transport is started.
 
-((`NNG_OPT_TCP_KEEPALIVE`))::
-(`bool`) Enable TCP keep-alives, defaults to `false`.
-
-((`NNG_OPT_TCP_NODELAY`))::
-(`bool`) Disable Nagle's algorithm.
-When enabled (`false`), the underlying TCP stream will attempt
-to buffer and coalesce messages before sending them on, waiting
-a short interval to improve buffering and reduce the overhead
-caused by sending too-small messages.
-This comes at a cost to latency, and is not recommended with modern
-high speed networks.
-Defaults to `true`.
-
-((`NNG_OPT_TLS_CONFIG`))::
-(`nng_tls_config *`)
-The underlying TLS
-configuration object.
-A hold is placed on the underlying
-configuration object before returning it.
-The caller should release the hold with
-`<<nng_tls_config_free.3tls#,nng_tls_config_free()>>` when it no
-longer needs the TLS configuration object.
-
-TIP: Use this option when advanced TLS configuration is required.
-
-((`NNG_OPT_TLS_CA_FILE`))::
-(string) Write-only option naming a file containing certificates to
-use for peer validation.
-See `<<nng_tls_config_ca_file.3tls#,nng_tls_config_ca_file()>>` for more
-information.
-
-((`NNG_OPT_TLS_CERT_KEY_FILE`))::
-(string) Write-only option naming a file containing the local certificate and
-associated private key.
-The private key used must be unencrypted.
-See `<<nng_tls_config_own_cert.3tls#,nng_tls_config_own_cert()>>` for more
-information.
-
-((`NNG_OPT_TLS_AUTH_MODE`))::
-(`int`) Write-only option used to configure the authentication mode used.
-See `<<nng_tls_config_auth_mode.3tls#,nng_tls_config_auth_mode()>>` for
-more details.
-
-((`NNG_OPT_TLS_VERIFIED`))::
-(`bool`) Whether the remote peer has been properly verified using TLS
-authentication.
-May return incorrect results if peer authentication is disabled.
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_AUTH_MODE,`NNG_OPT_TLS_AUTH_MODE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CA_FILE,`NNG_OPT_TLS_CA_FILE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CERT_KEY_FILE,`NNG_OPT_TLS_CERT_KEY_FILE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CONFIG,`NNG_OPT_TLS_CONFIG`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_VERIFIED,`NNG_OPT_TLS_VERIFIED_`>>
+* <<nng_options.5#NNG_OPT_URL,`NNG_OPT_URL`>>
 
 == SEE ALSO
 
 [.text-left]
 <<nng_tls_config_alloc.3tls#,nng_tls_config_alloc(3tls)>>
+<<nng_options.5#,nng_options(5)>>,
 <<nng_sockaddr_in.5#,nng_sockaddr_in(5)>>,
 <<nng_sockaddr_in6.5#,nng_sockaddr_in6(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls_config.5#,nng_tls_config(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>,
 <<nng.7#,nng(7)>>,
diff --git a/docs/man/nng_tls_close.3tls.adoc b/docs/man/nng_tls_close.3tls.adoc
new file mode 100644
index 00000000..49836965
--- /dev/null
+++ b/docs/man/nng_tls_close.3tls.adoc
@@ -0,0 +1,61 @@
+= nng_tls_close(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_close - close TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_close(nng_tls *conn);
+----
+
+== DESCRIPTION
+
+The `nng_tls_close()` function closes the supplied TLS connection, _conn_.
+
+If any operations are pending (such as <<nng_tls_send.3tls#,`nng_tls_send()`>>
+or <<nng_tls_recv.3tls#,`nng_tls_recv()`>> they will be terminated with
+an `NNG_ECLOSED` error condition.
+Also, any new operations will fail with `NNG_ECLOSED` after the connection
+is closed.
+
+NOTE: Closing the connection while data is in transmission will likely
+lead to loss of that data.
+There is no automatic linger or flush to ensure that the socket send buffers
+have completely transmitted.
+
+NOTE: Closing the connection does not free the resources associated with it.
+Once it is certain that no more operations are pending on the connection,
+it should be freed with <<nng_tls_free.3tls#,`nng_tls_free()`>>.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+None.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_free.3tls#,nng_tls_free(3tls)>>,
+<<nng_tls_recv.3tls#,nng_tls_recv(3tls)>>,
+<<nng_tls_send.3tls#,nng_tls_send(3tls)>>,
+<<nng_tls.5#,nng_tls(5)>>
diff --git a/docs/man/nng_tls_config.5.adoc b/docs/man/nng_tls_config.5.adoc
new file mode 100644
index 00000000..ad88e9eb
--- /dev/null
+++ b/docs/man/nng_tls_config.5.adoc
@@ -0,0 +1,57 @@
+= nng_tls_config(5)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Devolutions <devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_config - message
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/supplemental/tls/tls.h>
+
+typedef struct nng_tls_config nng_tls_config;
+----
+
+== DESCRIPTION
+
+An `nng_tls_config` represents a single ((TLS configuration)) object, which
+can be used to configure TLS servers and clients.
+
+Configuration data includes details such as certificate chains used for
+validation of remote peers, local key and certificate material, server
+names, and so forth.
+Additionally, a configuration can be used either in client mode, or in
+server mode.
+
+Configuration objects may be shared, and are reference counted.
+However once a configuration is used, it enters a read-only state that
+precludes further modifications to the configuration.
+
+Messages are allocated using the
+<<nng_tls_config_alloc.3tls#,`nng_tls_config_alloc()`>>
+function, and are deallocated using the
+<<nng_tls_config_free.3tls#,`nng_tls_config_free()`>>
+function.
+
+== SEE ALSO
+
+[.text-left]
+
+<<nng_tls_config_alloc.3tls#,nng_tls_config_alloc(3tls)>>,
+<<nng_tls_config_auth_mode.3tls#,nng_tls_config_auth_mode(3tls)>>,
+<<nng_tls_config_ca_chain.3tls#,nng_tls_config_ca_chain(3tls)>>,
+<<nng_tls_config_own_cert.3tls#,nng_tls_config_own_cert(3tls)>>,
+<<nng_tls_config_free.3tls#,nng_tls_config_free(3tls)>>,
+<<nng_tls_config_hold.3tls#,nng_tls_config_hold(3tls)>>,
+<<nng_tls_config_server_name.3tls#,nng_tls_config_server_name(3tls)>>,
+<<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tls_config_alloc.3tls.adoc b/docs/man/nng_tls_config_alloc.3tls.adoc
index edbf1c1e..9b218d9d 100644
--- a/docs/man/nng_tls_config_alloc.3tls.adoc
+++ b/docs/man/nng_tls_config_alloc.3tls.adoc
@@ -1,6 +1,6 @@
 = nng_tls_config_alloc(3tls)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -50,9 +50,9 @@ that object is not inadvertently freed while in use.
 A configuration object created with `nng_tls_config_alloc()` starts
 with a reference count of one.
 The reference count may be incremented using
-`<<nng_tls_config_hold.3tls#,nng_tls_config_hold()>>` and may be
+<<nng_tls_config_hold.3tls#,`nng_tls_config_hold()`>> and may be
 decremented with
-`<<nng_tls_config_free.3tls#,nng_tls_config_free()>>`.
+<<nng_tls_config_free.3tls#,`nng_tls_config_free()`>>.
 
 Also note that a TLS configuration object becomes "`read-only`" after it
 is first used with a service.
@@ -80,4 +80,5 @@ This function returns 0 on success, and non-zero otherwise.
 <<nng_tls_config_free.3tls#,nng_tls_config_free(3tls)>>,
 <<nng_tls_config_hold.3tls#,nng_tls_config_hold(3tls)>>,
 <<nng_tls_config_server_name.3tls#,nng_tls_config_server_name(3tls)>>,
+<<nng_tls_config.5#,nng_tls_config(5)>>,
 <<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tls_config_hold.3tls.adoc b/docs/man/nng_tls_config_hold.3tls.adoc
index 0461a862..5fa83ac8 100644
--- a/docs/man/nng_tls_config_hold.3tls.adoc
+++ b/docs/man/nng_tls_config_hold.3tls.adoc
@@ -1,6 +1,6 @@
 = nng_tls_config_hold(3tls)
 //
-// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
 //
 // This document is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
@@ -29,7 +29,7 @@ the configuration object named by _cfg_, thereby preventing it
 from being freed while in use.
 
 The hold can be released by calling
-`<<nng_tls_config_free.3tls#,nng_tls_config_free()>>`.
+<<nng_tls_config_free.3tls#,`nng_tls_config_free()`>>.
 
 Multiple holds can be placed on a configuration object; the object
 will not be freed until the last hold is released.
diff --git a/docs/man/nng_tls_dialer.5.adoc b/docs/man/nng_tls_dialer.5.adoc
new file mode 100644
index 00000000..86c44cea
--- /dev/null
+++ b/docs/man/nng_tls_dialer.5.adoc
@@ -0,0 +1,51 @@
+= nng_tls_dialer(5)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer - TLS dialer
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+typedef struct nng_tls_dialer_s nng_tls_dialer;
+----
+
+== DESCRIPTION
+
+(((TLS, dialer)))
+An `nng_tls_dialer` is a handle to a TLS "`dialer`", which is responsible for
+creating connections (<<nng_tls.5#,`nng_tls`>> objects) by connecting to
+remote systems.
+
+NOTE: The `nng_tls_dialer` object is used for raw IPC connections, and
+should not be confused with a dialer object created using the
+<<nng_tls.7#,nng_tls(7)>> transport.
+
+TIP: Most NNG applications should not use this, but instead use the
+<<nng_tls.7#,nng_tls(7)>> transport instead.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_tls_dialer_alloc.3tls#,nng_tls_dialer_alloc(3tls)>>,
+<<nng_tls_dialer_close.3tls#,nng_tls_dialer_close(3tls)>>,
+<<nng_tls_dialer_dial.3tls#,nng_tls_dialer_dial(3tls)>>,
+<<nng_tls_dialer_free.3tls#,nng_tls_dialer_free(3tls)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>,
+<<nng_tls.7#,nng_tls(7)>>
diff --git a/docs/man/nng_tls_dialer_alloc.3tls.adoc b/docs/man/nng_tls_dialer_alloc.3tls.adoc
new file mode 100644
index 00000000..6a59eaee
--- /dev/null
+++ b/docs/man/nng_tls_dialer_alloc.3tls.adoc
@@ -0,0 +1,52 @@
+= nng_tls_dialer_alloc(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer_alloc - allocate TLS dialer
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_dialer_alloc(nng_tls_dialer *dp);
+----
+
+== DESCRIPTION
+
+The `nng_tls_dialer_alloc()` allocates a TLS dialer, which can be used
+to create outgoing connections over TLS, and stores a pointer to it
+it in the location referenced by _dp_.
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ENOMEM`:: Insufficient free memory exists.
+`NNG_ENOTSUP`:: TLS support not configured in library.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_dialer_close.3tls#,nng_tls_dialer_close(3tls)>>,
+<<nng_tls_dialer_dial.3tls#,nng_tls_dialer_dial(3tls)>>,
+<<nng_tls_dialer_free.3tls#,nng_tls_dialer_free(3tls)>>,
+<<nng_tls_dialer_getopt.3tls#,nng_tls_dialer_getopt(3tls)>>,
+<<nng_tls_dialer_setopt.3tls#,nng_tls_dialer_setopt(3tls)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>
diff --git a/docs/man/nng_tls_dialer_close.3tls.adoc b/docs/man/nng_tls_dialer_close.3tls.adoc
new file mode 100644
index 00000000..19ca0bd1
--- /dev/null
+++ b/docs/man/nng_tls_dialer_close.3tls.adoc
@@ -0,0 +1,58 @@
+= nng_tls_dialer_close(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer_close - close TLS dialer
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_dialer_close(nng_tls_dialer *d);
+----
+
+== DESCRIPTION
+
+The `nng_tls_dialer_close()` function closes the supplied TCP dialer _d_,
+but does not free the underlying resources associated with it.
+
+If any <<nng_tls_dialer_dial.3tls#,dial>> operations using _d_ are
+in progress, they will be terminated with an `NNG_ECLOSED` error condition.
+
+Furthermore any future accesses to the dialer _d_ will also result in
+`NNG_ECLOSED`.
+
+NOTE: This function does not release the memory for the dialer, so the
+application should still free the memory using
+<<nng_tls_dialer_free.3tls#,`nng_tls_dialer_free()`>>
+once it is certain that nothing else is using it.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+None.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_dialer_alloc.3tls#,nng_tls_dialer_alloc(3tls)>>,
+<<nng_tls_dialer_dial.3tls#,nng_tls_dialer_dial(3tls)>>,
+<<nng_tls_dialer_free.3tls#,nng_tls_dialer_free(3tls)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>
diff --git a/docs/man/nng_tls_dialer_dial.3tls.adoc b/docs/man/nng_tls_dialer_dial.3tls.adoc
new file mode 100644
index 00000000..31d9036d
--- /dev/null
+++ b/docs/man/nng_tls_dialer_dial.3tls.adoc
@@ -0,0 +1,65 @@
+= nng_tls_dialer_dial(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer_dial - initiate outgoing TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_dialer_dial(nng_tls_dialer *d, const nng_sockaddr *sa, nng_aio *aio);
+----
+
+== DESCRIPTION
+
+The `nng_tls_dialer_dial()` attempts to establish a TLS connection to the
+remote peer identified by _sa_, using the dialer _d_.
+The operation is completed asynchronously, using _aio_.
+
+The address _sa_ must be in the `NNG_AF_INET` or `NNG_AF_INET6` families,
+and have a valid IPv4 or IPv6 address and TCP port number.
+
+If a connection is successfully established, the _aio_ will have the
+resulting <<nng_tls.5#,`nng_tls`>> stored as its first output.
+(See <<nng_aio_get_output.3#,`nng_aio_get_output()`>>.)
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+[horizontal]
+`NNG_EADDRINVAL`:: The address specified is invalid.
+`NNG_ECANCELED`:: The operation was aborted.
+`NNG_ECLOSED`:: The dialer is closed.
+`NNG_ECONNREFUSED`:: The connection was refused by the server.
+`NNG_ECONNRESET`:: The connection was reset by the server.
+`NNG_ECRYPTO`:: Cryptographic or certificate validation error.
+`NNG_ENOMEM`:: Insufficient free memory exists.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_dialer_alloc.3tls#,nng_tls_dialer_alloc(3tls)>>,
+<<nng_tls_dialer_close.3tls#,nng_tls_dialer_close(3tls)>>,
+<<nng_tls_dialer_free.3tls#,nng_tls_dialer_free(3tls)>>,
+<<nng_aio.5#,nng_aio(5)>>,
+<<nng_sockaddr.5#,nng_sockaddr(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>
diff --git a/docs/man/nng_tls_dialer_free.3tls.adoc b/docs/man/nng_tls_dialer_free.3tls.adoc
new file mode 100644
index 00000000..b5e7b2bf
--- /dev/null
+++ b/docs/man/nng_tls_dialer_free.3tls.adoc
@@ -0,0 +1,53 @@
+= nng_tls_dialer_free(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer_free - free TLS dialer
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_dialer_free(nng_tls_dialer *d);
+----
+
+== DESCRIPTION
+
+The `nng_tls_dialer_free()` function closes the supplied TLS dialer _d_,
+and frees the underlying resources associated with it.
+
+If any <<nng_tls_dialer_dial.3tls#,dial>> operations using _d_ are
+in progress, they will be terminated with an `NNG_ECLOSED` error condition.
+
+WARNING: It is important that the application ensure that no further accesses
+are made to _d_, as the memory backing it will be reclaimed for other uses.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+None.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_dialer_alloc.3tls#,nng_tls_dialer_alloc(3tls)>>,
+<<nng_tls_dialer_close.3tls#,nng_tls_dialer_close(3tls)>>,
+<<nng_tls_dialer_dial.3tls#,nng_tls_dialer_dial(3tls)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>
diff --git a/docs/man/nng_tls_dialer_getopt.3tls.adoc b/docs/man/nng_tls_dialer_getopt.3tls.adoc
new file mode 100644
index 00000000..6790092f
--- /dev/null
+++ b/docs/man/nng_tls_dialer_getopt.3tls.adoc
@@ -0,0 +1,73 @@
+= nng_tls_dialer_getopt(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer_getopt - get option from TLS dialer
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_getopt(nng_tls_dialer *d, const char *name, void *data, size_t *sizep);
+----
+
+== DESCRIPTION
+
+The `nng_tls_dialer_getopt()` is used to retrieve the value of the option _name_
+for the <<nng_tls_dialer.5#,TLS dialer>> _d_.
+The size of the buffer located at _data_ to receive the copy is passed by the
+caller at the location referenced by _sizep_.
+If this size is sufficient to hold the entire object, the object is copied into
+the buffer specified by _data_.
+In either event, the size of the source object (the amount of data copied,
+or that would have been copied if sufficient space were available) is stored
+at the location of _sizep_.
+
+=== Options
+
+The options specifically suppported for retrieval from TLS dialers are:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CONFIG,`NNG_OPT_TLS_CONFIG`>>
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECLOSED`:: The dialer is closed.
+`NNG_EINVAL`:: There was insufficient space to receive the object.
+	The amount of data actually needed is returned in _sizep_.
+`NNG_ENOTSUP`:: The option _name_ is not supported.
+`NNG_EWRITEONLY`:: The option _name_ may not read.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_dialer_setopt.3tls#,nng_tls_dialer_setopt(3tls)>>,
+<<nng_tls_getopt.3tls#,nng_tls_getopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_config.5#,nng_tls_config(5)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
+
diff --git a/docs/man/nng_tls_dialer_setopt.3tls.adoc b/docs/man/nng_tls_dialer_setopt.3tls.adoc
new file mode 100644
index 00000000..e7999c5b
--- /dev/null
+++ b/docs/man/nng_tls_dialer_setopt.3tls.adoc
@@ -0,0 +1,69 @@
+= nng_tls_dialer_setopt(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_dialer_setopt - set option on TLS dialer
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_dialer_setopt(nng_tls_dialer *d, const char *name, const void *data, size_t size);
+----
+
+== DESCRIPTION
+
+The `nng_tls_dialer_setopt()` is used to set the option _name_ for the
+<<nng_tls_dialer.5#,TLS dialer>> _d_.
+The value to set is copied from _data_, which should be _size_ bytes
+in length.
+
+=== Options
+
+The options specifically suppported for modification on TLS dialers are:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_AUTH_MODE,`NNG_OPT_TLS_AUTH_MODE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CA_FILE,`NNG_OPT_TLS_CA_FILE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CERT_KEY_FILE,`NNG_OPT_TLS_CERT_KEY_FILE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CONFIG,`NNG_OPT_TLS_CONFIG`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_SERVER_NAME,`NNG_OPT_TLS_SERVER_NAME`>>
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECLOSED`:: The dialer is closed.
+`NNG_EINVAL`:: Either _data_ or _size_ are invalid.
+`NNG_ENOTSUP`:: The option _name_ is not supported.
+`NNG_EREADONLY`:: The option _name_ may not be modified.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_dialer_getopt.3tls#,nng_tls_dialer_getopt(3tls)>>,
+<<nng_tls_setopt.3tls#,nng_tls_setopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
diff --git a/docs/man/nng_tls_free.3tls.adoc b/docs/man/nng_tls_free.3tls.adoc
new file mode 100644
index 00000000..62c2a81d
--- /dev/null
+++ b/docs/man/nng_tls_free.3tls.adoc
@@ -0,0 +1,59 @@
+= nng_tls_free(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_free - free TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_free(nng_tls *conn);
+----
+
+== DESCRIPTION
+
+The `nng_tls_free()` function closes the supplied TLS connection, _conn_,
+and frees the underlying resources associated with it.
+
+If any operations are pending (such as <<nng_tls_send.3tls#,`nng_tls_send()`>>
+or <<nng_tls_recv.3tls#,`nng_tls_recv()`>> they will be terminated with
+an `NNG_ECLOSED` error condition.
+
+WARNING: It is important that the application ensure that no further accesses
+are made to _conn_, as the memory backing it will be reclaimed for other uses.
+
+NOTE: Closing the connection while data is in transmission will likely
+lead to loss of that data.
+There is no automatic linger or flush to ensure that the socket send buffers
+have completely transmitted.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+None.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_close.3tls#,nng_tls_close(3tls)>>,
+<<nng_tls_recv.3tls#,nng_tls_recv(3tls)>>,
+<<nng_tls_send.3tls#,nng_tls_send(3tls)>>,
+<<nng_tls.5#,nng_tls(5)>>
diff --git a/docs/man/nng_tls_getopt.3tls.adoc b/docs/man/nng_tls_getopt.3tls.adoc
new file mode 100644
index 00000000..87c8287c
--- /dev/null
+++ b/docs/man/nng_tls_getopt.3tls.adoc
@@ -0,0 +1,70 @@
+= nng_tls_getopt(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_getopt - get option from TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_getopt(nng_tls *conn, const char *name, void *data, size_t *sizep);
+----
+
+== DESCRIPTION
+
+The `nng_tls_getopt()` is used to retrieve the value of the option _name_ for
+the <<nng_tls.5#,TLS connection>> _conn_.
+The size of the buffer located at _data_ to receive the copy is passed by the
+caller at the location referenced by _sizep_.
+If this size is sufficient to hold the entire object, the object is copied into
+the buffer specified by _data_.
+In either event, the size of the source object (the amount of data copied,
+or that would have been copied if sufficient space were available) is stored
+at the location of _sizep_.
+
+=== Options
+
+The options specifically suppported for retrieval from TLS connections are:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_VERIFIED,`NNG_OPT_TLS_VERIFIED`>>
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECLOSED`:: The connection _conn_ is closed.
+`NNG_EINVAL`:: There was insufficient space to receive the object.
+	The amount of data actually needed is returned in _sizep_.
+`NNG_ENOTSUP`:: The option _name_ is not supported.
+`NNG_EWRITEONLY`:: The option _name_ may not read.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_setopt.3tls#,nng_tls_setopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls.5#,nng_tlsp(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
diff --git a/docs/man/nng_tls_listener.5.adoc b/docs/man/nng_tls_listener.5.adoc
new file mode 100644
index 00000000..6854aa57
--- /dev/null
+++ b/docs/man/nng_tls_listener.5.adoc
@@ -0,0 +1,53 @@
+= nng_tls_listener(5)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener - TLS listener
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+typedef struct nng_tls_dialer_s nng_tls_dialer;
+----
+
+== DESCRIPTION
+
+(((TLS, listener)))
+An `nng_tls_listener` is a handle to a TLS "`listener`", which is responsible
+for accepting connections (<<nng_tls.5#,`nng_tls`>> objects) from remote
+systems.
+
+NOTE: The `nng_tls_listener` object is used for raw TLS over TCP connections, and
+should not be confused with a listener object created using the
+<<nng_tls.7#,nng_tls(7)>> transport.
+
+TIP: Most NNG applications should not use this, but instead use the
+<<nng_tls.7#,nng_tls(7)>> transport instead.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_tls_listener_accept.3tls#,nng_tls_listener_accept(3tls)>>,
+<<nng_tls_listener_alloc.3tls#,nng_tls_listener_alloc(3tls)>>,
+<<nng_tls_listener_close.3tls#,nng_tls_listener_close(3tls)>>,
+<<nng_tls_listener_free.3tls#,nng_tls_listener_free(3tls)>>,
+<<nng_tls_listener_getopt.3tls#,nng_tls_listener_getopt(3tls)>>,
+<<nng_tls_listener_listen.3tls#,nng_tls_listener_listen(3tls)>>,
+<<nng_tls_listener_setopt.3tls#,nng_tls_listener_setopt(3tls)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_dialer.5#,nng_tls_dialer(5)>>,
+<<nng_tls.7#,nng_tls(7)>>
diff --git a/docs/man/nng_tls_listener_accept.3tls.adoc b/docs/man/nng_tls_listener_accept.3tls.adoc
new file mode 100644
index 00000000..5d9b3952
--- /dev/null
+++ b/docs/man/nng_tls_listener_accept.3tls.adoc
@@ -0,0 +1,70 @@
+= nng_tls_listener_accept(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_accept - accept incoming TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_listener_accept(nng_tls_listener *l, nng_aio *aio);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_accept()` attempts to accept an incoming TLS connection
+from a remote peer, using the listener _l_.
+The operation is completed asynchronously, using _aio_.
+
+This operation can only be done after the listener is already bound to
+a TCP port and is <<nng_tls_listener_listen.3tls#,listening>>.
+
+If a connection is successfully established, the _aio_ will have the
+resulting <<nng_tls.5#,`nng_tls`>> stored as its first output.
+(See <<nng_aio_get_output.3#,`nng_aio_get_output()`>>.)
+
+The address of the remote peer can be determined using the
+<<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>> option with the
+<<nng_tls_getopt.3tls#,`nng_tls_getopt()`>> function on the
+returned <<nng_tls.5#,`nng_tls`>>.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECANCELED`:: The operation was aborted.
+`NNG_ECLOSED`:: The listener is closed.
+`NNG_ECONNRESET`:: The connection was reset by the peer.
+`NNG_ENOMEM`:: Insufficient free memory exists.
+`NNG_ESTATE`:: The listener is not not listening.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_alloc.3tls#,nng_tls_listener_alloc(3tls)>>,
+<<nng_tls_listener_close.3tls#,nng_tls_listener_close(3tls)>>,
+<<nng_tls_listener_free.3tls#,nng_tls_listener_free(3tls)>>,
+<<nng_tls_listener_listen.3tls#,nng_tls_listener_listen(3tls)>>,
+<<nng_aio.5#,nng_aio(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
diff --git a/docs/man/nng_tls_listener_alloc.3tls.adoc b/docs/man/nng_tls_listener_alloc.3tls.adoc
new file mode 100644
index 00000000..88c4981a
--- /dev/null
+++ b/docs/man/nng_tls_listener_alloc.3tls.adoc
@@ -0,0 +1,53 @@
+= nng_tls_listener_alloc(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_alloc - allocate TLS listener
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_listener_alloc(nng_tls_listener *lp);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_alloc()` allocates a TLS listener, which can be used
+to accept incoming connections over TLS, and stores a pointer to it
+it in the location referenced by _lp_.
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ENOMEM`:: Insufficient free memory exists.
+`NNG_ENOTSUP`:: TLS support not configured in library.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_accept.3tls#,nng_tls_listener_accept(3tls)>>,
+<<nng_tls_listener_close.3tls#,nng_tls_listener_close(3tls)>>,
+<<nng_tls_listener_free.3tls#,nng_tls_listener_free(3tls)>>,
+<<nng_tls_listener_getopt.3tls#,nng_tls_listener_getopt(3tls)>>,
+<<nng_tls_listener_listen.3tls#,nng_tls_listener_listen(3tls)>>,
+<<nng_tls_listener_setopt.3tls#,nng_tls_listener_setopt(3tls)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>
diff --git a/docs/man/nng_tls_listener_close.3tls.adoc b/docs/man/nng_tls_listener_close.3tls.adoc
new file mode 100644
index 00000000..26120cee
--- /dev/null
+++ b/docs/man/nng_tls_listener_close.3tls.adoc
@@ -0,0 +1,58 @@
+= nng_tls_listener_close(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_close - close TLS listener
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_listener_close(nng_tls_listener *l);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_close()` function closes the supplied TLS listener _l_,
+but does not free the underlying resources associated with it.
+
+If any <<nng_tls_listener_accept.3tls#,accept>> operations using _l_
+are in progress, they will be terminated with an `NNG_ECLOSED` error condition.
+
+Furthermore any future accesses to the listener _l_ will also result in
+`NNG_ECLOSED`.
+
+NOTE: This function does not release the memory for the listener, so the
+application should still free the memory using
+<<nng_tls_listener_free.3tls#,`nng_tls_listener_free()`>>
+once it is certain that nothing else is using it.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+None.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_alloc.3tls#,nng_tls_listener_alloc(3tls)>>,
+<<nng_tls_listener_accept.3tls#,nng_tls_listener_accept(3tls)>>,
+<<nng_tls_listener_free.3tls#,nng_tls_listener_free(3tls)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>
diff --git a/docs/man/nng_tls_listener_free.3tls.adoc b/docs/man/nng_tls_listener_free.3tls.adoc
new file mode 100644
index 00000000..067a803a
--- /dev/null
+++ b/docs/man/nng_tls_listener_free.3tls.adoc
@@ -0,0 +1,52 @@
+= nng_tls_listener_free(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_free - free TLS listener
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_listener_free(nng_tls_listener *l);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_free()` function closes the supplied TLS listener _l_,
+and frees the underlying resources associated with it.
+
+If any <<nng_tls_listener_accept.3tls#,accept>> operations using _l_
+are in progress, they will be terminated with an `NNG_ECLOSED` error condition.
+
+WARNING: It is important that the application ensure that no further accesses
+are made to _l_, as the memory backing it will be reclaimed for other uses.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+None.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_alloc.3tls#,nng_tls_listener_alloc(3tls)>>,
+<<nng_tls_listener_close.3tls#,nng_tls_listener_close(3tls)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>
diff --git a/docs/man/nng_tls_listener_getopt.3tls.adoc b/docs/man/nng_tls_listener_getopt.3tls.adoc
new file mode 100644
index 00000000..45abda1b
--- /dev/null
+++ b/docs/man/nng_tls_listener_getopt.3tls.adoc
@@ -0,0 +1,72 @@
+= nng_tls_listener_getopt(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_getopt - get option from TLS listener
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_listener_getopt(nng_tls_listener *l, const char *name, void *data, size_t *sizep);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_getopt()` is used to retrieve the value of the option
+_name_ for the <<nng_tls_listener.5#,TLS listener>> _l_.
+The size of the buffer located at _data_ to receive the copy is passed by the
+caller at the location referenced by _sizep_.
+If this size is sufficient to hold the entire object, the object is copied into
+the buffer specified by _data_.
+In either event, the size of the source object (the amount of data copied,
+or that would have been copied if sufficient space were available) is stored
+at the location of _sizep_.
+
+=== Options
+
+The options specifically suppported for retrieval from TLS listeners are:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CONFIG,`NNG_OPT_TLS_CONFIG`>>
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECLOSED`:: The dialer is closed.
+`NNG_EINVAL`:: There was insufficient space to receive the object.
+	The amount of data actually needed is returned in _sizep_.
+`NNG_ENOTSUP`:: The option _name_ is not supported.
+`NNG_EWRITEONLY`:: The option _name_ may not read.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_setopt.3tls#,nng_tls_listener_setopt(3tls)>>,
+<<nng_tls_getopt.3tls#,nng_tls_getopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
+
diff --git a/docs/man/nng_tls_listener_listen.3tls.adoc b/docs/man/nng_tls_listener_listen.3tls.adoc
new file mode 100644
index 00000000..4fd6bf18
--- /dev/null
+++ b/docs/man/nng_tls_listener_listen.3tls.adoc
@@ -0,0 +1,73 @@
+= nng_tls_listener_listen(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_listen - bind listener to TLS port
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_listener_listen(nng_tls_listener l, const nng_sockaddr *sa);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_listen()` attempts to bind the listener _l_
+to the local address specified by _sa_, which must be in the
+`NNG_AF_INET` or `NNG_AF_INET6` address family.
+
+This also sets the underlying port into passive mode, ready to
+accept an incoming connection, and established a listen queue
+for receiving incoming connections.  (The queue depth is system
+specific, but typically 128.)
+
+The actual IPv4 or IPv6 address in _sa_ may refer either to a locally
+configured interface address, or to a zero-valued adddress to indicate
+that all interfaces on the system should be bound.
+
+The TCP port number may also be zero.  In this case the system will
+choose a free TCP port at random, and use it.
+
+The chosen port number may be retrieved using the
+<<nng_options.5#,`NNG_OPT_LOCADDR`>> option with the
+<<nng_tls_listener_getopt.3tls#,`nng_tls_listener_getopt()`>> function.
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_EADDRINUSE`:: The address specified by _sa_ is already in use.
+`NNG_EADDRINVAL`:: The address specified by _sa_ is invalid or unavailable.
+`NNG_ECLOSED`:: The listener _l_ has been closed.
+`NNG_ECRYPTO`:: Cryptographic or certificate error.
+`NNG_ESTATE`:: The listener _l_ is already bound.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_accept.3tls#,nng_tls_listener_accept(3tls)>>,
+<<nng_tls_listener_alloc.3tls#,nng_tls_listener_alloc(3tls)>>,
+<<nng_tls_listener_close.3tls#,nng_tls_listener_close(3tls)>>,
+<<nng_tls_listener_free.3tls#,nng_tls_listener_free(3tls)>>,
+<<nng_tls_listener_getopt.3tls#,nng_tls_listener_getopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_sockaddr.5#,nng_sockaddr(5)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>
diff --git a/docs/man/nng_tls_listener_setopt.3tls.adoc b/docs/man/nng_tls_listener_setopt.3tls.adoc
new file mode 100644
index 00000000..7254fddb
--- /dev/null
+++ b/docs/man/nng_tls_listener_setopt.3tls.adoc
@@ -0,0 +1,67 @@
+= nng_tls_listener_setopt(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_listener_setopt - set option on TLS listener
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_listener_setopt(nng_tls_listener *l, const char *name, const void *data, size_t size);
+----
+
+== DESCRIPTION
+
+The `nng_tls_listener_setopt()` is used to set the option _name_ for the
+<<nng_tls_listener.5#,TLS listener>> _l_.
+The value to set is copied from _data_, which should be _size_ bytes
+in length.
+
+=== Options
+
+The options specifically suppported for modification on TLS listeners are:
+
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_AUTH_MODE,`NNG_OPT_TLS_AUTH_MODE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CA_FILE,`NNG_OPT_TLS_CA_FILE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CERT_KEY_FILE,`NNG_OPT_TLS_CERT_KEY_FILE`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_CONFIG,`NNG_OPT_TLS_CONFIG`>>
+* <<nng_tls_options.5#NNG_OPT_TLS_SERVER_NAME,`NNG_OPT_TLS_SERVER_NAME`>>
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECLOSED`:: The listener is closed.
+`NNG_EINVAL`:: Either _data_ or _size_ are invalid.
+`NNG_ENOTSUP`:: The option _name_ is not supported.
+`NNG_EREADONLY`:: The option _name_ may not be modified.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_listener_getopt.3tls#,nng_tls_listener_getopt(3tls)>>,
+<<nng_tls_setopt.3tls#,nng_tls_setopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_listener.5#,nng_tls_listener(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
diff --git a/docs/man/nng_tls_options.5.adoc b/docs/man/nng_tls_options.5.adoc
new file mode 100644
index 00000000..0a30daa2
--- /dev/null
+++ b/docs/man/nng_tls_options.5.adoc
@@ -0,0 +1,116 @@
+= nng_tls_options(5)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_options - TLS-specific options
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+
+#define NNG_OPT_TLS_AUTH_MODE     "tls-authmode"
+#define NNG_OPT_TLS_CA_FILE       "tls-ca-file"
+#define NNG_OPT_TLS_CERT_KEY_FILE "tls-cert-key-file"
+#define NNG_OPT_TLS_CONFIG        "tls-config"
+#define NNG_OPT_TLS_SERVER_NAME   "tls-server-name"
+#define NNG_OPT_TLS_VERIFIED      "tls-verified"
+----
+
+== DESCRIPTION
+
+This page documents the various standard options that can be set or
+retrieved on objects using TLS in the _nng_ library.
+
+The option names should always be used by their symbolic definitions.
+
+In the following list of options, the name of the option is supplied,
+along with the data type of the underlying value.
+
+Some options are only meaningful or supported in certain contexts, or may
+have other access restrictions.
+An attempt has been made to include details about such restrictions in the
+description of the option.
+
+=== TLS Options
+
+[[NNG_OPT_TLS_AUTH_MODE]]((`NNG_OPT_TLS_AUTH_MODE`))::
+(`int`)
+Write-only option used to configure the authentication mode used.
+See <<nng_tls_config_auth_mode.3tls#,`nng_tls_config_auth_mode()`>> for
+more details.
+
+[[NNG_OPT_TLS_CA_FILE]]((`NNG_OPT_TLS_CA_FILE`))::
+(string) Write-only option naming a file containing certificates to
+use for peer validation.
+See <<nng_tls_config_ca_file.3tls#,`nng_tls_config_ca_file()`>> for more
+information.
+
+[[NNG_OPT_TLS_CERT_KEY_FILE]]((`NNG_OPT_TLS_CERT_KEY_FILE`))::
+(string) Write-only option naming a file containing the local certificate and
+associated private key.
+The private key used must be unencrypted.
+See <<nng_tls_config_own_cert.3tls#,`nng_tls_config_own_cert()`>> for more
+information.
+
+[[NNG_OPT_TLS_CONFIG]]((`NNG_OPT_TLS_CONFIG`))::
+(`nng_tls_config *`)
+This option references the underlying
+<<nng_tls_config.5#,TLS configuration object>>.
+A hold is placed on the underlying
+configuration object before returning it.
++
+NOTE: The caller should release the hold with
+<<nng_tls_config_free.3tls#,`nng_tls_config_free()`>> when it no
+longer needs the TLS configuration object.
++
+TIP: Use this option when more advanced TLS configuration is required.
+
+[[NNG_OPT_TLS_SERVER_NAME]]((`NNG_OPT_TLS_SERVER_NAME`))::
+(string)
+This write-only option is used to specify the name of the server.
+When used with a dialer, this potentially configures SNI (server name
+indication, which is used as a hint by a multihosting server to choose the
+appropriate certificate to provide) and also is used to validate the
+name presented in the server's x509 certificate.
+
+[[NNT_OPT_TLS_VERIFIED]]((`NNG_OPT_TLS_VERIFIED`))::
+(`bool`)
+This read-only option indicates whether the remote peer has been properly verified using TLS
+authentication.
+May return incorrect results if peer authentication is disabled.
+
+=== Inherited Options
+
+Generally, the following option values are also available for TLS objects,
+when appropriate for the context:
+
+* <<nng_options.5#NNG_OPT_LOCADDR,`NNG_OPT_LOCADDR`>>
+* <<nng_options.5#NNG_OPT_REMADDR,`NNG_OPT_REMADDR`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+
+== SEE ALSO
+
+[.text-left]
+<<nng_tls_dialer_getopt.3tls#,nng_tls_dialer_getopt(3tls)>>,
+<<nng_tls_dialer_setopt.3tls#,nng_tls_dialer_setopt(3tls)>>,
+<<nng_tls_getopt.3tls#,nng_tls_getopt(3tls)>>,
+<<nng_tls_listener_getopt.3tls#,nng_tls_listener_getopt(3tls)>>,
+<<nng_tls_listener_setopt.3tls#,nng_tls_listener_setopt(3tls)>>,
+<<nng_tls_setopt.3tls#,nng_tls_setopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>
+<<nng_tcp_options.5#,nng_tcp_options(5)>>
+<<nng_tls_config.5#,nng_tls_config(5)>>,
+<<nng.7#,nng(7)>>
diff --git a/docs/man/nng_tls_recv.3tls.adoc b/docs/man/nng_tls_recv.3tls.adoc
new file mode 100644
index 00000000..39362a13
--- /dev/null
+++ b/docs/man/nng_tls_recv.3tls.adoc
@@ -0,0 +1,73 @@
+= nng_tls_recv(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_recv - receive from TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_recv(nng_tls *conn, nng_aio *aio);
+----
+
+== DESCRIPTION
+
+The `nng_tls_recv()` function starts an asynchronous receive from the
+TLS connection _conn_, into the scatter/gather vector located in the
+asynchronous I/O structure _aio_.
+
+NOTE: The <<nng_aio_set_iov.3#,`nng_aio_set_iov()`>> function must have been
+called first, to set the scatter/gather vector for _aio_.
+
+This function returns immediately, with no return value.
+Completion of the operation is signaled via the _aio_,
+and the final result may be obtained via
+<<nng_aio_result.3#,`nng_aio_result()`>>.
+That result will either be zero or an error code.
+
+The I/O operation completes as soon as at least one byte has been
+received, or an error has occurred.
+Therefore, the number of bytes read may be less than requested.
+The actual number of bytes read can be determined with
+<<nng_aio_count.3#,`nng_aio_count()`>>.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECANCELED`:: The operation was canceled.
+`NNG_ECLOSED`:: The connection was closed.
+`NNG_ECRYPTO`:: Cryptographic or certificate error.
+`NNG_ECONNRESET`:: The peer closed the connection.
+`NNG_EINVAL`:: The _aio_ does not contain a valid scatter/gather vector.
+`NNG_ENOMEM`:: Insufficient free memory to perform the operation.
+`NNG_ETIMEDOUT`:: Timeout waiting for data from the connection.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_aio_alloc.3#,nng_aio_alloc(3)>>,
+<<nng_aio_count.3#,nng_aio_count(3)>>,
+<<nng_aio_result.3#,nng_aio_result(3)>>,
+<<nng_aio_set_iov.3#,nng_aio_set_iov(3)>>,
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_close.3tls#,nng_tls_close(3tls)>>,
+<<nng_tls_send.3tls#,nng_tls_send(3tls)>>,
+<<nng_tls.5#,nng_tls(5)>>
diff --git a/docs/man/nng_tls_send.3tls.adoc b/docs/man/nng_tls_send.3tls.adoc
new file mode 100644
index 00000000..a82c6557
--- /dev/null
+++ b/docs/man/nng_tls_send.3tls.adoc
@@ -0,0 +1,72 @@
+= nng_tls_send(3tls)
+//
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_send - send to TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+void nng_tls_send(nng_tls *conn, nng_aio *aio);
+----
+
+== DESCRIPTION
+
+The `nng_tls_send()` function starts an asynchronous send over the
+TLS connection _conn_ from the scatter/gather vector located in the
+asynchronous I/O structure _aio_.
+
+NOTE: The <<nng_aio_set_iov.3#,`nng_aio_set_iov()`>> function must have been
+called first, to set the scatter/gather vector for _aio_.
+
+This function returns immediately, with no return value.
+Completion of the operation is signaled via the _aio_, and the final
+result may be obtained via <<nng_aio_result.3#,`nng_aio_result()`>>.
+That result will either be zero or an error code.
+
+The I/O operation completes as soon as at least one byte has been
+sent, or an error has occurred.
+Therefore, the number of bytes sent may be less than requested.
+The actual number of bytes sent can be determined with
+<<nng_aio_count.3#,`nng_aio_count()`>>.
+
+== RETURN VALUES
+
+None.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECANCELED`:: The operation was canceled.
+`NNG_ECLOSED`:: The connection was closed.
+`NNG_ECONNRESET`:: The peer closed the connection.
+`NNG_ECRYPTO`:: Cryptographic or certificate error.
+`NNG_EINVAL`:: The _aio_ does not contain a valid scatter/gather vector.
+`NNG_ENOMEM`:: Insufficient free memory to perform the operation.
+`NNG_ETIMEDOUT`:: Timeout waiting for data from the connection.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_aio_alloc.3#,nng_aio_alloc(3)>>,
+<<nng_aio_count.3#,nng_aio_count(3)>>,
+<<nng_aio_result.3#,nng_aio_result(3)>>,
+<<nng_aio_set_iov.3#,nng_aio_set_iov(3)>>,
+<<nng_tls_close.3tls#,nng_tls_close(3tls)>>,
+<<nng_tls_recv.3tls#,nng_tls_recv(3tls)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_strerror.3#,nng_strerror(3)>>
diff --git a/docs/man/nng_tls_setopt.3tls.adoc b/docs/man/nng_tls_setopt.3tls.adoc
new file mode 100644
index 00000000..3ba4a979
--- /dev/null
+++ b/docs/man/nng_tls_setopt.3tls.adoc
@@ -0,0 +1,61 @@
+= nng_tls_setopt(3tls)
+//
+// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2019 Devolutions <info@devolutions.net>
+//
+// This document is supplied under the terms of the MIT License, a
+// copy of which should be located in the distribution where this
+// file was obtained (LICENSE.txt).  A copy of the license may also be
+// found online at https://opensource.org/licenses/MIT.
+//
+
+== NAME
+
+nng_tls_setopt - set option on TLS connection
+
+== SYNOPSIS
+
+[source, c]
+----
+#include <nng/nng.h>
+#include <nng/supplemental/tls/tls.h>
+
+int nng_tls_setopt(nng_tls *conn, const char *name, const void *data, size_t size);
+----
+
+== DESCRIPTION
+
+The `nng_tls_setopt()` is used to set the option _name_ for the
+<<nng_tls.5#,TLS connection>> _conn_.
+The value to set is copied from _data_, which should be _size_ bytes
+in length.
+
+=== Options
+
+The options specifically suppported for modification on TLS connections are:
+
+* <<nng_tcp_options.5#NNG_OPT_TCP_KEEPALIVE,`NNG_OPT_TCP_KEEPALIVE`>>
+* <<nng_tcp_options.5#NNG_OPT_TCP_NODELAY,`NNG_OPT_TCP_NODELAY`>>
+
+== RETURN VALUES
+
+This function returns 0 on success, and non-zero otherwise.
+
+== ERRORS
+
+[horizontal]
+`NNG_ECLOSED`:: The connection _conn_ is closed.
+`NNG_EINVAL`:: Either _data_ or _size_ are invalid.
+`NNG_ENOTSUP`:: The option _name_ is not supported.
+`NNG_EREADONLY`:: The option _name_ may not be modified.
+
+== SEE ALSO
+
+[.text-left]
+<<nng_strerror.3#,nng_strerror(3)>>,
+<<nng_tls_getopt.3tls#,nng_tls_getopt(3tls)>>,
+<<nng_options.5#,nng_options(5)>>,
+<<nng_tcp_options.5#,nng_tcp_options(5)>>,
+<<nng_tls.5#,nng_tls(5)>>,
+<<nng_tls_options.5#,nng_tls_options(5)>>
diff --git a/docs/man/nng_ws.7.adoc b/docs/man/nng_ws.7.adoc
index d5c7d40a..1895eaf1 100644
--- a/docs/man/nng_ws.7.adoc
+++ b/docs/man/nng_ws.7.adoc
@@ -37,11 +37,11 @@ http://nanomsg.org/rfcs/sp-websocket-v1.html[WebSocket Mapping for Scalability P
 === Registration
 
 Depending upon how the library was built, it may be necessary to
-register the transport by calling `<<nng_ws_register.3#,nng_ws_register()>>`.
+register the transport by calling <<nng_ws_register.3#,`nng_ws_register()`>>.
 
 If ((TLS)) support is enabled in the library, secure WebSockets (over TLS v1.2)
 can be used as well, but the secure transport may have to be registered using
-the `<<nng_wss_register.3#,nng_wss_register()>>` function.
+the <<nng_wss_register.3#,`nng_wss_register()`>> function.
 
 === URI Format
 
@@ -77,10 +77,10 @@ permitted, with IPv4 addresses mapped to IPv6 addresses.)
 
 === Socket Address
 
-When using an `<<nng_sockaddr.5#,nng_sockaddr>>` structure,
+When using an <<nng_sockaddr.5#,`nng_sockaddr`>> structure,
 the actual structure is either of type
-`<<nng_sockaddr_in.5#,nng_sockaddr_in>>` (for IPv4) or
-`<<nng_sockaddr_in6.5#,nng_sockaddr_in6>>` (for IPv6).
+<<nng_sockaddr_in.5#,`nng_sockaddr_in`>> (for IPv4) or
+<<nng_sockaddr_in6.5#,`nng_sockaddr_in6`>> (for IPv6).
 
 === Server Instances
 
@@ -133,7 +133,7 @@ configuration object for `wss://` endpoints.
 A hold is placed on the underlying
 configuration object before returning it.
 The caller should release the object with
-`<<nng_tls_config_free.3tls#,nng_tls_config_free()>>` when it no
+<<nng_tls_config_free.3tls#,`nng_tls_config_free()`>> when it no
 longer needs the TLS configuration.
 
 TIP: Use this option when advanced TLS configuration is required.
@@ -141,19 +141,19 @@ TIP: Use this option when advanced TLS configuration is required.
 ((`NNG_OPT_TLS_CA_FILE`))::
 (string) Write-only option naming a file containing certificates to
 use for peer validation.
-See `<<nng_tls_config_ca_file.3tls#,nng_tls_config_ca_file()>>` for more
+See <<nng_tls_config_ca_file.3tls#,`nng_tls_config_ca_file()`>> for more
 information.
 
 ((`NNG_OPT_TLS_CERT_KEY_FILE`))::
 (string) Write-only option naming a file containing the local certificate and
 associated private key.
 The private key used must be unencrypted.
-See `<<nng_tls_config_own_cert.3tls#,nng_tls_config_own_cert()>>` for more
+See <<nng_tls_config_own_cert.3tls#,`nng_tls_config_own_cert()`>> for more
 information.
 
 ((`NNG_OPT_TLS_AUTH_MODE`))::
 (`int`) Write-only option used to configure the authentication mode used.
-See `<<nng_tls_config_auth_mode.3tls#,nng_tls_config_auth_mode()>>` for
+See <<nng_tls_config_auth_mode.3tls#,`nng_tls_config_auth_mode()`>> for
 more details.
 
 `NNG_OPT_TLS_VERIFIED`::