For June 2018, PayPal performs security updates on its servers.
This security update consists of the following:
1 – Upgrading to TLS 1.2 and HTTP / 1.1: Your server must be able to support these protocols.
Note: you will need at least a version of OpenSSL greater than or equal to 1.0.1 and if you use cURL, a version greater than or equal to 7.34.0.
Also verify that your server has Verisign G5 Root certificate: https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&actp=CROSSLINK&id=SO5624
2 – Upgrading the SSL Certificate: In order to decrypt the new certificates, your website must be able to support the use of the SHA-256 signature algorithm.
==> For the 2 points above, I invite you to contact your host to check if everything is in order.
3 – HTTPS Standard for IPN Post Back Checks
This does not mean that your site must be in HTTPS, it just means that when your IPN script sends its response to PayPal, it must use the correct security standards.
To make sure, I invite you to contact the developer of your IPN script to ensure that the connection is done correctly.
It is therefore important that you verify that for all API calls as well as for IPN postbacks, your site is able to support these new standards.
I invite you to contact your host to ensure that your server has all these prerequisites.
In addition, if you use a basket management system, such as Prestashop / WooCommerce / Magento, I invite you to update your modules to ensure compatibility.
ATTENTION: However, I want to inform you that you do not need to buy an SSL license for your server and that these prerequisites correspond to updates of your server, neither more nor less.
Indeed an SSL license allows to have a site certified in https but the security update PayPal just asks that your shop is able to communicate with the new PayPal server, which they will have new standards. And for that, it is not necessary to have a site in HTTPS.