A while ago Paypal announced changes to their system in an effort to improve security which are detailed at:-https://devblog.paypal.com/upcoming-security-changes-notice/
In the context of Virtuemart 1.1.x one change that stands out and will likely affect this version of VM for Joomla is "IPN Verification Postback to HTTPS" found at:-https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US
This change affects the "/administrator/components/com_virtuemart/notify.php" notify url script that Paypal posts back to your website after checkout.
When Virtuemart receives this from Paypal, it in turn sends back using a post operation to Paypal with identical information plus a "cmd=_notify-validate" field value.
The Virtuemart 1.1.x does this Postback operation using plain http when as of September 30, 2016 (maybe even earlier) and you must use https/ssl or tls encryption for the Postback operation.
The code affected is found on line 285 of the above mentioned notify.php script which normally reads:
$fp = fsockopen ( $hostname, 80, $errno, $errstr, 30);
I believe this needs to be changed to....
$fp = fsockopen ( "ssl://" . $hostname, 443, $errno, $errstr, 30);
Also the following less important lines of code could be updated...
Original on line 276
$header = "POST $uri HTTP/1.0\r\n";
$header = "POST $uri HTTP/1.1\r\n";
Original on line 280
$header.= "Host: ".$hostname.":80\r\n";
$header.= "Host: ".$hostname.":443\r\n";
Original on line 244
$hostname = 'www.paypal.com
$hostname = 'ipnpb.paypal.com';
Not adapting to the change would likely mean orders remain at Pending status and you would have to manually check your Paypal account that the money is there and you may receive an "IPN Fatal..." warning from the notify script to your Paypal e-mail address.
The only problem here is if you have an older version of virtuemart 1.1 and update to say 1.1.9 the final release, the notify.php would likely be over written and you would lose the changes.
Some people are simply unwilling to update their Joomla/VM/template etc install and why should you if your e-shop does not have sales volumes to justify it so squeezing a bit more out of VM 1.1 life is what I am doing for willing clients.
I have yet to test my suggestions out.
Feedback and corrections welcome.