The Distributed Computing & Security research team at the University of Hanover in Germany has implemented a browser encryption test page that analyses the way in which an HTTPS connection is established. One of the things it demonstrates is the accessing browser’s preferred crypto technique.
The first step when establishing an encrypted SSL/TLS connection is the “client hello”. In this step, the browser communicates its capabilities and sends a list of supported cipher suites, sorted according to preference. The list includes a method such as RSA for exchanging keys, a cryptographic hash function such as SHA1 for verifying messages and a symmetric-key method such as AES for encrypting the transmitted data. While all popular browsers now prefer AES in CBC mode, they also continue to support RC4, which has been cracked.
The page also shows which TLS version is supported by the browser. The ideal choice would be the current TLS 1.2, which was specified 5 years ago. TLS 1.2 contains fixes to mitigate the BEAST attack and defines alternatives to the ailing RC4 and AES/CBC crypto techniques. Unfortunately, the current reality is that only Chrome supports TLS 1.1 by default; Internet Explorer can handle 1.1 and 1.2 – but each must first be manually enabled by the user in the browser preferences. Firefox and Safari on Mac OS X are still stuck with TLS 1.0.