This all seems perfectly reasonable to me; if you don't have PFS enabled ciphers, I don't understand why you'd expect to be able to be part of the network these days.
Maybe as part of the 2016 compliance suites (which I'm in the process of writing to propose to the XSF council, see standards@ for more info) I'll also add a list of "recommended ciphers" or something. Or maybe that's a separate XEP. Just something to think about. The various servers I run all support a suite of PFS ciphers (as well as the usual fallback ciphers, but I'll gather some data and see how often those are used and consider removing them too). Best, Sam
