diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -4394,62 +4394,82 @@ ssl_ClearPRCList(PRCList *list, void (*f
         }
         PORT_Free(cursor);
     }
 }
 
 SECStatus
 SSLExp_EnableTls13GreaseEch(PRFileDesc *fd, PRBool enabled)
 {
+#ifdef notdef
     sslSocket *ss = ssl_FindSocket(fd);
     if (!ss) {
         return SECFailure;
     }
     ss->opt.enableTls13GreaseEch = enabled;
     return SECSuccess;
+#else
+    PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+    return SECFailure;
+#endif
 }
 
 SECStatus
 SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size)
 {
+#ifdef notdef
     sslSocket *ss = ssl_FindSocket(fd);
     if (!ss || size == 0) {
         return SECFailure;
     }
     ssl_Get1stHandshakeLock(ss);
     ssl_GetSSL3HandshakeLock(ss);
 
     ss->ssl3.hs.greaseEchSize = size;
 
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);
 
     return SECSuccess;
+#else
+    PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+    return SECFailure;
+#endif
 }
 
 SECStatus
 SSLExp_EnableTls13BackendEch(PRFileDesc *fd, PRBool enabled)
 {
+#ifdef notdef
     sslSocket *ss = ssl_FindSocket(fd);
     if (!ss) {
         return SECFailure;
     }
     ss->opt.enableTls13BackendEch = enabled;
     return SECSuccess;
+#else
+    PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+    return SECFailure;
+#endif
 }
 
 SECStatus
 SSLExp_CallExtensionWriterOnEchInner(PRFileDesc *fd, PRBool enabled)
 {
+#ifdef notdef
     sslSocket *ss = ssl_FindSocket(fd);
     if (!ss) {
         return SECFailure;
     }
     ss->opt.callExtensionWriterOnEchInner = enabled;
     return SECSuccess;
+#else
+    PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
+    return SECFailure;
+#endif
 }
 
 SECStatus
 SSLExp_SetDtls13VersionWorkaround(PRFileDesc *fd, PRBool enabled)
 {
     sslSocket *ss = ssl_FindSocket(fd);
     if (!ss) {
         return SECFailure;
diff -up ./gtests/ssl_gtest/manifest.mn.disable_ech ./gtests/ssl_gtest/manifest.mn
--- ./gtests/ssl_gtest/manifest.mn.disable_ech	2023-06-21 19:02:02.160400997 +0200
+++ ./gtests/ssl_gtest/manifest.mn	2023-06-21 19:02:18.226618324 +0200
@@ -57,7 +57,6 @@ CPPSRCS = \
       tls_filter.cc \
       tls_protect.cc \
       tls_psk_unittest.cc \
-      tls_ech_unittest.cc \
       $(SSLKEYLOGFILE_FILES) \
       $(NULL)