Hello,
I have an e-commerce website running Joomla Version 2.5.6 and VirtueMart 2.0.24.
I recently received an email supposedly from PayPal stating the following:
[EMAIL START]
As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.
You're receiving this notification because you've been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
[EMAIL END]
Is there anything that I need to do to comply with this upgrade and prevent service disruption? Is there a new version of VirtueMart that I can upgrade to that accommodates the change?
You are running insecure versions of Joomla & VM ( http://forum.virtuemart.net/index.php?topic=118683.0 ) so you should certainly update those.
As for PayPal, you should ensure that your site does not use the old G2 style SSL certificate. If your site does not use SSL then it is not a problem for you, but it is suggested that people check that their host server has updated their cert. Most will have done this last year when the Poodle SSL exploit was identified.
In any case you can test by simply using PayPal's sandbox. https://devblog.paypal.com/paypal-ssl-certificate-changes/
And further info here: http://forum.virtuemart.net/index.php?topic=128931.msg452870