I had another client forward me a notice from PayPal that they received yesterday, telling them that the June 30 deadline will affect them. But no real information as to why.
I have found some more interesting information.
First is that some tests that I have ran show only that my server is TLS 1.2 for incoming connections and it doesn't confirm that the outgoing is TLS 1.2.
PayPal has a php test file(s) but I can't figure out what I am suppose to do with it. https://github.com/paypal/TLS-update/tree/master/php I did upload both files but it didn't seem to tell me anything about TLS.
I have also read that the http version needs to be 1.1 (mine is) and that cURL has to be 7.34 or higher, (mine is 7.38). And something about the SSL version, which my server is running OpenSSL/1.0.1e.
When I run a test "Buy Now" button through to the sandbox, it all checks out ok.
Lastly, at the bottom of this PayPal page, https://www.paypal.com/us/webapps/mpp/tls-http-upgrade?CampaignName=VanityURL-tls it says they created a new endpoint to test your system. But it doesn't tell you how to use it. First I used that url as the form action in the "Buy Now" button and it gave me an "OK", but I doubt that is how they intended me to use it.
I did find this code and used it on my site (can't remember where I found this). It gave me the same "OK". It uses that tlstest... url in the code so maybe that's how they intended it to be used but I can't be for sure if it's testing just the incoming connection or not.
echo 'paypal test response <br />';
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
As for the site that uses the WA PayPal Advanced shopping cart, I looked through all of the WA code in the eCart folder and the webassist/ecart folder, for any http links. They are all https so it isn't that. Any other thoughts?