I use the PayPal IPN for payment notification. PayPal says all HTTPS connections must be SHA-256 compliant by Sept 30, 2016 (i.e., HTTPS using TLS 2.1). In fact, PayPal live testing begins on 6/17. A PayPal email stated "We strongly recommend that your systems are compatible with SHA-256 by 17 June to ensure that your business isn’t interrupted."
So I made a mod to my IPN webapp and tested it with the "PayPal IPN Simulator". Resulting message = "IPN was sent and the handshake was verified."
Does anyone know if the "PayPal IPN Simulator" is positive confirmation that the IPN webapp is now SHA-256 compliant?
Update: Here is the .NET HTTPS post-back code from my IPN app.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://www.paypal.com/cgi-bin/webscr");
The IPN simulator won't confirm whether your script has done a post-back or not; the "IPN was sent and the handshake was verified" message only indicates a one-way connection success (from PayPal to your URL).
To ensure your web server is SHA-2 compatible when your IPN makes post-backs to PayPal, you may simply test the connection from your host to PayPal endpoints with the command below (e.g. LAMP environment):
openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts
or check the server trust store and see if the G5 root cert is included:
ls -la /etc/ssl/certs/ | grep G5
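To turn the `openssl s_client` test above into a pass/fail check, the following added example (not part of the original answer) reads an s_client transcript on stdin and reports the negotiated protocol and the chain verification result. The function names and the two sample transcripts are constructed for illustration; requiring TLS 1.2 or later is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original posts): judge an `openssl s_client`
# transcript read on stdin. Returns 0 only if the certificate chain verified
# against the local trust store and TLS 1.2 or later was negotiated.
check_handshake() {
    transcript=$(cat)
    # Older OpenSSL prints the real version only on the "Protocol :" line.
    proto=$(printf '%s\n' "$transcript" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    if [ -z "$proto" ]; then
        proto=$(printf '%s\n' "$transcript" |
            sed -n 's/^New, \(TLSv[0-9.]*\), Cipher is.*/\1/p' | head -n 1)
    fi
    verify=$(printf '%s\n' "$transcript" |
        sed -n 's/^ *Verify return code: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    status=0
    case "$proto" in
        TLSv1.2|TLSv1.3) echo "PASS protocol: $proto" ;;
        *) echo "FAIL protocol: ${proto:-not found}"; status=1 ;;
    esac
    if [ "$verify" = "0" ]; then
        echo "PASS chain verified (return code 0)"
    else
        echo "FAIL verify return code: ${verify:-not found}"; status=1
    fi
    return "$status"
}

# Constructed sample transcripts (trimmed to the lines the check reads).
sample_ok() {
    cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 0 (ok)
EOF
}
sample_missing_root() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES128-SHA
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

sample_ok | check_handshake
sample_missing_root | check_handshake || true
```

On the host that sends the post-back, pipe the real command into it: `openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts </dev/null 2>/dev/null | check_handshake`. A non-zero verify return code means the local trust store could not validate the chain the endpoint presented.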