The reason we use 128-bit encryption instead of 256-bit is because the chance of a successful brute force attack on AES 256 is effectively zero and the chance of a successful brute force attack on AES 128 is also effectively zero. But AES 128 is faster so that's why we, and the following giants of the web, all use 128-bit encryption:
If you’re using Chrome when you’re on any of the sites above, you can see your 128-bit connection to the site by clicking on the padlock in the address bar > Connection tab > "The connection is encrypted and authenticated using …”.
As further evidence, Bruce Schneier said ”And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future." He is an internationally renowned security technologist, called a "security guru" by The Economist. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press.
There’s even more at: https://www.quora.com/Why-do-large-sites-like-Google-Amazon-use-128-bit-SSL-encryption-rather-than-256-bit and https://www.quora.com/In-terms-of-security-how-does-128-bit-RC4-compare-with-AES-256
Hope that helps! :)