The SSL symetric encryption is the result of a negotiation between client and server. It is possible to restrict it from the server side by using the configuration files. For example, apache SSL configuration include a

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

That can be tune to accept only the strongest encryptions, for example you may want to require only :

SSLProtocol all -SSLv3 -SSLv2 SSLCipherSuite HIGH:MEDIUM

Other variables can be used to do more things like client authentication or require per-directory ciphers.

You can also manipulate the negotiation from the client side. As for an example, please refer to this link that is talking a bit about Firefox SSL settings tuning. I assume other browsers have ways to do this as well.

It seems as this page says that :

The server decides upon the list of cryptography and compression algorithms sent by the client whether to continue or cancel the session. There must be at least one match in both lists, otherwise the session will fail. The cipher combination which took the highest place in the client's list will be used for future communication.

I'm looking for the official protocol.