Even if they can be, these things should not be changed... and they should also not be a security concern since they should be opened in your firewall to the outside world.
Every unencrypted connection is not a security risk, this is not an information or file server, and these ports and connections are of very little consequence if your network is properly secured and you didn't do something foolish like put the MCD in the DMZ or something. Your security audit does not comprehend what these are and what they are for, just that they show up on a scan as "encrypted" and a potential threat, which they are not.