How likely/possible is it that the NSA have broken common encryption techniques such as SSL/TLS?
There isn't really a reliable way to know for sure. What we do know from public knowledge is that algorithms exist that allow for fairly efficient breaking of relative prime based algorithms. We also know that there are now functioning quantum computers though none with sufficient quality or processing power to run the algorithms.
What we can't know is if more powerful quantum computers exist that could crack them. Either way, even if such computers do exist, it would be expensive and they would only be able to crack a limited number of cases, so your chances of having your information picked up if protected are most likely minor.
It's also worth noting this is only applicable if you are using your own keys. If you are talking with a US based company, they could simply go to that company to get the information, no cracking of the encryption keys would be necessary.
If you are using your own key and not doing anything nefarious, it is most likely that the NSA wouldn't use the resources necessary to crack your encryption due to its expense. This of course rules out any very well hidden back doors that "might" exist, but seeing as no cryptographers have publicized such a problem, it is unlikely (though I suppose not impossible) that such a hole exists.
Update: While links are generally discouraged, since someone asked for them specifically. The DWave Two is a commercially available (though unable to run Shor's algorithm and may not be truly quantum), functioning quantum computer, though not at sufficient qbits or noise levels to be an issue yet. (But who knows what might be not publicly available based on the state of the art.) Shor's Algorithm is a well known quantum algorithm for factoring large primes. This greatly decreases the effectiveness of any relative prime derived asymmetric cryptography algorithm (which most common ones are based on.) Also Grover's Algorithm should greatly reduce the complexity of cracking symmetric cryptographic algorithms, though a simple increase in bit length will compensate.
If it is true that the goverment has access to the servers that are the target of the comunication (e.g. Google/Facebook) there is no need to tamper with SSL/TLS because at the servers the traffic is unenrypted.