Until today the example Nginx reverse proxy config for Etherpad allowed for weaker SSL encryption than is acceptable.
You can see if your instance is vulnerable by checking your instances SSL cert
Check your Nginx config to see if this line exists:
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
If so replace with:
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 ECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
Restart Nginx then check your instances SSL cert
We updated the wiki to reflect this change.