From 21beaa6f8cd1d66ab669f97f5eedfc2db6aaf371 Mon Sep 17 00:00:00 2001 From: Angristan Date: Fri, 10 Jun 2016 14:54:04 +0200 Subject: [PATCH] Add new features --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 6d25ee2..94213e7 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,10 @@ This fork includes : - No logs - No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575) - Better encryption (see below) +- Avoid DNS leak +- UFW support - TLS 1.2 only +- Strong ciphers, DH keys and certificates. (see variants) - AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1) - Run server in unprivileged mode, reducing risks to the system - TLS-auth to help [thwart DoS attacks](https://openvpn.net/index.php/open-source/documentation/howto.html#security) and provide a 2nd line of defense to the TLS channel.
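Review bot: The added bullet "Strong ciphers, DH keys and certificates. (see variants)" points at a "variants" section that this hunk does not add, while the existing "Better encryption (see below)" bullet uses a different pointer. Use one form of reference, link it to a heading that actually exists in the README, and drop the stray period before the parenthesis. The bullet also overlaps with the existing "Better encryption" and "AES-256-CBC and SHA-512 for HMAC" entries, so either merge them or state what is new here, such as the DH parameter and certificate key sizes on offer. "Avoid DNS leak" and "UFW support" name no mechanism: say what the fork configures for each so a reader can verify it on an installed server. Finally, the subject "Add new features" is not descriptive for a change that only touches README.md (3 insertions); a subject naming the documented items would make the history easier to audit.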