Hmm, that might be a bug in Openfire then. When you don’t have them enabled, your scanner should not pick them up. 
When all else fails, you might want to work around this problem by disabling those ciphers on the Java level. Openfire takes the ciphers provided by Java and the BouncyCastle provider, and lets you configure those. By not making them available to Openfire in the first place, they cannot be used. Have a look here: JSSE Reference Guide