PayPal recently sent out an email to people that use PayPal IPN (instant payment notification) on their websites. This means that you use PayPal to accept payments.
If you don't use a SSL on your website (Security Certificate that give the httpS in the address bar), to communicate with any payment service DOES require that your server have a working SSL infrastructure in the back-end. Most likely you are OK. If you are unsure you can check with your hosting company.
If you do use a SSL on your website and want to check if you server is SHA-256 complaint, you can visit this website. Enter your domain name there and look for Signature Algorithm. It should say “sha256WithRSAEncryption”. If yes, you are set. If not, your webhost needs to upgrade your severs to support SHA-256 signing algorithm.
Most likely everything will be OK and no action will need to be taken. PayPal should have worded their email and subject better. But if you have any questions or concerns you should check with your hosting company.