Add new features

README.md

@@ -8,7 +8,10 @@ This fork includes :
 - No logs
 - No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575)
 - Better encryption (see below)
+- Avoid DNS leak
+- UFW support
 - TLS 1.2 only
+- Strong ciphers, DH keys and certificates. (see variants)
 - AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
 - Run server in unprivileged mode, reducing risks to the system
 - TLS-auth to help [thwart DoS attacks](https://openvpn.net/index.php/open-source/documentation/howto.html#security) and provide a 2nd line of defense to the TLS channel.