Disable the Enterprise Roots preference

Fixes #560
pyllyukko · Jan 14, 2025 · 4b2833e · 4b2833e
1 parent 21d2f0c
commit 4b2833e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -377,6 +377,7 @@ Improve visibility of security-related elements, mitigate shoulder-surfing
 * Disable automatic reporting of TLS connection errors [ [1](https://support.mozilla.org/en-US/kb/certificate-pinning-reports) ]
 * Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog [ [1](http://kb.mozillazine.org/Browser.ssl_override_behavior) [2](https://github.com/pyllyukko/user.js/issues/210) ]
 * Encrypted SNI (when TRR is enabled) [ [1](https://www.cloudflare.com/ssl/encrypted-sni/) [2](https://wiki.mozilla.org/Trusted_Recursive_Resolver#ESNI) [3](https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications_(ESNI)) ]
+* Disable the Enterprise Roots preference [ [1](https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference) [2](https://github.com/pyllyukko/user.js/issues/560) ]
 
 ### Cipher suites
 

diff --git a/user.js b/user.js
@@ -1165,6 +1165,12 @@ user_pref("browser.ssl_override_behavior",			1);
 // https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications_(ESNI)
 user_pref("network.security.esni.enabled",			true);
 
+// PREF: Disable the Enterprise Roots preference
+// https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
+// https://github.com/pyllyukko/user.js/issues/560
+user_pref("security.certerrors.mitm.auto_enable_enterprise_roots"	false);
+user_pref("security.enterprise_roots.enabled"				false);
+
 /******************************************************************************
  * SECTION: Cipher suites                                                     *
  ******************************************************************************/