Changes to PayPal will force sites to use SSL/TLS in future

Hi

I have just been sent an email from PayPal about changes they are doing to their payment system.

You can see all the changes here > https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1913&expand=true&locale=en_US

One of them is that they will NO longer be supporting calls from HTTP to HTTPS, e.g IPN callback pages, return pages etc.

I quote from > https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US

“Merchants and partners use Instant Payment Notification (IPN) to receive notifications of events related to PayPal transactions. The IPN message service requires that you acknowledge receipt of these messages and validate them. This process includes posting the messages back to PayPal for verification. In the past, PayPal has allowed the use of HTTP for these postbacks. For increased security going forward, only HTTPS will be allowed for postbacks to PayPal. At this time, there is no requirement for HTTPS on the outbound IPN call from PayPal to the merchant’s IPN listener.”

As well as this they are updating their TLS requirements and so on.

Therefore I am asking whether
a) the s2member plugin already supports HTTPS
b) if it will be detecting/forcing users to install certain SSL certificates etc
c) adding verification/tests for correct setup under the PayPal IPN Integration / PDT/Auto Return Integration options in the config.

Does it have any recommendations for people with sites not on SSLs at the moment that will require them by September this year to carry on accepting payments from PayPal?

Thanks

https://wordpress.org/plugins/s2member/