diff --git a/modules/nix.nix b/modules/nix.nix
index 33d42cf..c3cccdb 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -1,4 +1,4 @@
-{ pkgs, inputs, system, ... }:
+{ config, lib, pkgs, inputs, system, ... }:
 {
 nix = {
@@ -30,7 +30,21 @@
 config = prev.config;
 };
 })
- ];
+ ]
+ # Tradebyte access points use legacy crypto
+ ++ lib.optional config.myConfig.tradebyte.enable (
+ final: prev:
+ let
+ inherit (prev) callPackage;
+ in
+ {
+ wpa_supplicant = prev.wpa_supplicant.overrideAttrs (attrs: {
+ patches = attrs.patches ++ [
+ ./wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
+ ];
+ });
+ }
+ );
 environment.systemPackages = with pkgs; [
 cached-nix-shell
diff --git a/modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch b/modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
new file mode 100644
index 0000000..3fcc2ee
--- /dev/null
+++ b/modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
@@ -0,0 +1,9 @@
+--- wpa_supplicant-2.10/src/crypto/tls_openssl.c 2022-01-16 15:51:29.000000000 -0500
++++ src/crypto/tls_openssl.c.legacy 2022-09-29 10:10:02.999974141 -0400
+@@ -1048,7 +1048,7 @@
+
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+-
++ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
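Review bot: The overlay added in modules/nix.nix (hunk `@@ -30,7 +30,21 @@`) replaces `wpa_supplicant` for the whole system, so once `config.myConfig.tradebyte.enable` is true the relaxed TLS setting applies to every 802.1X network this machine joins, not only the Tradebyte access points; the comment `# Tradebyte access points use legacy crypto` does not say that. I would name what is actually relaxed, e.g. `# Patches wpa_supplicant to set SSL_OP_LEGACY_SERVER_CONNECT (accepts EAP/RADIUS servers without RFC 5746 secure renegotiation); applies to all EAP-TLS/PEAP/TTLS networks on this host.` The `let inherit (prev) callPackage; in` binding is unused and can be dropped, and `patches = (attrs.patches or [ ]) ++ [` avoids an evaluation error should the upstream derivation ever lose its `patches` attribute. The list this entry is appended to opens above the hunk.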
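Review bot: The added `SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);` in the embedded tls_openssl.c patch is set on the shared SSL context unconditionally, so the supplicant will complete a TLS handshake with any authentication server that lacks the RFC 5746 renegotiation extension, which OpenSSL 3 otherwise refuses by default. The patch file has no header stating its origin or reason; a short description above its `---` line (where it came from, which network needs it, and when it can be removed) would make the weakening auditable. Newer upstream wpa_supplicant releases have, as far as I recall, a per-network `allow_unsafe_renegotiation=1` phase1 flag that confines this to one network block, and that would be preferable to patching the context once the packaged version supports it. The inner hunk header reads `-1048,7 +1048,7` while only five old and five new lines are visible, so it is worth confirming the patch applies cleanly. The enclosing C function starts and ends outside the hunk.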