How do browsers negotiate SSL/TLS connection parameters?

In SSL, the key exchange, symmetric encryption and MAC algorithm are all grouped together into a single aggregate notion called a cipher suite.

In the initial handshake, the client sends:

  • the highest protocol version that it supports;
  • the list of cipher suites that it supports, in order of preference;
  • other things which are not relevant here.

Then the server selects the protocol version and the cipher suite that will be used. The theory is that a courteous server will choose the protocol version that is the highest that both client and server support, and will honour the client's preferences by selecting the first cipher suite in the client list that the server also supports. Existing servers are not all courteous.

Note that the protocol version is not wholly independent of the cipher suite: some cipher suites work only with some protocol versions (e.g. cipher suites with AES/GCM as encryption+MAC work only with TLS 1.2).

In any case, there is no independent selection of key exchange, symmetric encryption and MAC: the protocol is not orthogonal in that respect. Not all combinations make sense; and not all combinations that make sense are actually defined, i.e. have an allocated cipher suite identifier.

For more information on this process, you may start by reading this answer.


Browsers are more or less configurable with regard to the cipher suites they support and the order in which they send them. Usually you can activate or deactivate cipher suites (e.g. see this) but the order is under control of the browser's logic (which can change depending on the version). In any case, the server ultimately chooses, not the client (though of course the client can always force the use of a specific cipher suite by sending a list restricted to that single cipher suite).

It can be argued that the notion of "order of preference" has little meaning. In practice, the client sends a list of cipher suites that it is willing to use, and thus any of them is usable. If a cipher suite is "weak" then the client should not put it far enough down in its list of preferences so that the server, hopefully, will not select it; instead, the client should not include it at all. Weak is weak.
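
The selection rule described in the answer above, as an added Python sketch (not part of the original answer and not code from any TLS library). It models a courteous server, a server that follows its own order, and the version/suite coupling for GCM; the function name `negotiate`, the sample lists and the per-suite minimum versions are assumptions made for illustration.

```python
# Simplified model of the server's choice (TLS 1.2 and earlier); not a TLS implementation.
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303

# IANA suite id -> (name, minimum protocol version). Assumption of this model:
# only the constraint named in the text is encoded (GCM suites need TLS 1.2).
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", SSL3),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", SSL3),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", SSL3),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", TLS12),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", TLS12),
}

class HandshakeFailure(Exception):
    """No protocol version or cipher suite acceptable to both sides."""

def negotiate(client_max, client_suites, server_versions, server_suites,
              honour_client_order=True):
    """Return the (version, suite_id) pair the server would select."""
    usable = [v for v in server_versions if v <= client_max]
    if not usable:
        raise HandshakeFailure("no common protocol version")
    version = max(usable)  # highest version both sides support
    # A courteous server walks the client's list; others walk their own.
    first, second = ((client_suites, server_suites) if honour_client_order
                     else (server_suites, client_suites))
    for suite in first:
        if suite in second and SUITES[suite][1] <= version:
            return version, suite
    raise HandshakeFailure("no common cipher suite")

# Constructed sample lists: the client puts RC4 last, the server puts it first.
CLIENT = [0xC02F, 0x009C, 0x002F, 0x0005]
SERVER = [0x0005, 0x002F, 0xC02F]
ALL_VERSIONS = {SSL3, TLS10, TLS11, TLS12}

def demo():
    return {
        "courteous": negotiate(TLS12, CLIENT, ALL_VERSIONS, SERVER),
        "server_order": negotiate(TLS12, CLIENT, ALL_VERSIONS, SERVER, False),
        "rc4_removed": negotiate(TLS12, CLIENT[:-1], ALL_VERSIONS, SERVER, False),
        "old_server": negotiate(TLS12, CLIENT, {SSL3, TLS10}, SERVER),
    }

if __name__ == "__main__":
    for case, (version, suite) in demo().items():
        print(f"{case}: version={version:#06x} suite={SUITES[suite][0]}")
```

With the server following its own order, the RC4 suite is selected even though the client listed it last; only removing it from the client's list prevents that.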


@ThomasPornin's answer addresses your first question. Your second question, then, is "how does one configure the protocol and cipher suite in the browser?"

Firefox

Protocol is configured by modifying the about:config variables security.tls.version.min and security.tls.version.max. You can set the min and max to:

  • 0: SSL 3.0 is the minimum required / maximum supported encryption protocol.
  • 1: TLS 1.0 is the minimum required / maximum supported encryption protocol.
  • 2: TLS 1.1 is the minimum required / maximum supported encryption protocol.
  • 3: TLS 1.2 is the minimum required / maximum supported encryption protocol.

The list of cipher suites offered up by Firefox is controlled by the about:config variables security.ssl3.(cipher suite). You don't get to control the order with this interface, but I wouldn't worry about that; order on the client is a "preference" only, it is the server order that dominates the selection of cipher. The use of "ssl3" in the name doesn't mean it only impacts ssl3; it affects the cipher suites that can be offered by all SSL3 or TLS* versions.

You cannot simply add a key with a cipher name; the cipher has to be supported by the software, and newer versions of Firefox support improved libraries of cipher suites as older, insecure suites are retired and newer suites are added.

I have read that it is possible to compile the library necessary to add a new custom cipher suite, but I cannot find that reference now and I wouldn't recommend it as a general rule.


Chrome

Protocol is configured using the --ssl-version-min command line switch. For example, to disable SSLv3:

--ssl-version-min=tls1

The list of cipher suites can be reduced from the default using the --cipher-suite-blacklist command line switch, referencing the values from the IANA TLS Cipher Suite Registry.

--cipher-suite-blacklist=0x0005,0x0004

There's an excellent discussion here which touches on how the different browsers make their cipher suites accessible, and more particularly how they don't go out of their way to make it easy or possible.


Both the client (browser) and the server support a set of cipher suites.

The browser sends its list to the server, then the server picks from its (sorted) list something they both support.

The 4 parameters don't get chosen independently. All 4 belong to one cipher suite.

You can see which cipher suites your browser supports here. Scroll down to "Cipher Suites (in order of preference)".

You can see the list for a given server here.