diff --git a/doc/luasec.md b/doc/luasec.md
index f9d45b0..5164f34 100644
--- a/doc/luasec.md
+++ b/doc/luasec.md
@@ -8,6 +8,115 @@ between the peers.
 Functions
 ---------
 
-`ssl.loadcertificate`
-`ssl.newcontext`
-`ssl.wrap`
+### ssl.newcontext ###
+
+    cfg = {
+      protocol = "sslv23" | "sslv3" | "tlsv1" | "tlsv1_1" | "tlsv1_2",
+      mode = "server" | "client",
+      key = nil | filename,
+      password = nil | string | function() -> string,
+      certificate = nil | filename,
+      cafile = nil | filename,
+      capath = nil | path,
+      ciphers = ciphers,
+      verify = {"none" | "peer" | "client_once" | "fail_if_no_peer_cert", ...},
+      options = options,
+      depth = number,
+      dhparam = function(is_export, keylength) -> dh_params_string,
+      curve = curve,
+      verifyext = {"lsec_continue" | "lsec_ignore_purpose" | "crl_check" |
+          "crl_check_chain", ...},
+    }
+
+    context = ssl.newcontext(cfg)
+
+Creates a new context based on the settings in the `cfg` table.
+See OpenSSL documentation on specifics on these settings, and see the `openssl
+ciphers` command for the list of supported ciphers and its format specifically.
+
+#### options ####
+      "all"
+      "allow_unsafe_legacy_renegotiation"
+      "cipher_server_preference"
+      "cisco_anyconnect"
+      "cookie_exchange"
+      "cryptopro_tlsext_bug"
+      "dont_insert_empty_fragments"
+      "ephemeral_rsa"
+      "legacy_server_connect"
+      "microsoft_big_sslv3_buffer"
+      "microsoft_sess_id_bug"
+      "msie_sslv2_rsa_padding"
+      "netscape_ca_dn_bug"
+      "netscape_challenge_bug"
+      "netscape_demo_cipher_change_bug"
+      "netscape_reuse_cipher_change_bug"
+      "no_compression"
+      "no_query_mtu"
+      "no_session_resumption_on_renegotiation"
+      "no_sslv2"
+      "no_sslv3"
+      "no_ticket"
+      "no_tlsv1"
+      "no_tlsv1_1"
+      "no_tlsv1_2"
+      "pkcs1_check_1"
+      "pkcs1_check_2"
+      "single_dh_use"
+      "single_ecdh_use"
+      "ssleay_080_client_dh_bug"
+      "sslref2_reuse_cert_type_bug"
+      "tls_block_padding_bug"
+      "tls_d5_bug"
+      "tls_rollback_bug"
+
+#### curves ####
+
+      "secp112r1"
+      "secp112r2"
+      "secp128r1"
+      "secp128r2"
+      "secp160k1"
+      "secp160r1"
+      "secp160r2"
+      "secp192k1"
+      "secp224k1"
+      "secp224r1"
+      "secp256k1"
+      "secp384r1"
+      "secp521r1"
+      "sect113r1"
+      "sect113r2"
+      "sect131r1"
+      "sect131r2"
+      "sect163k1"
+      "sect163r1"
+      "sect163r2"
+      "sect193r1"
+      "sect193r2"
+      "sect233k1"
+      "sect233r1"
+      "sect239k1"
+      "sect283k1"
+      "sect283r1"
+      "sect409k1"
+      "sect409r1"
+      "sect571k1"
+      "sect571r1"
+      "prime192v1"
+      "prime192v2"
+      "prime192v3"
+      "prime239v1"
+      "prime239v2"
+      "prime239v3"
+      "prime256v1"
+
+### ssl.loadcertificate ###
+Alias for `cert.load`.
+
+### ssl.wrap ###
+
+    conn = ssl.wrap(socket, cfg)
+
+`ssl.wrap` wraps an existing luasocket socket into a luasec connection object.
+`cfg` is defined as for `ssl.newcontext`.