Question

Let's say we have the following URL request in the address bar of the browser: https://www.mydomain.com/herecomessomepathorauniqueidlike?=45345678654

My question is: Which part of this URL is protected by SSL, and what part can be read by a man in the middle, like an administrator in a company?

Thanks in advance.

Solution

The administrator can likely tell the hostname of the site you're visiting but not the path. The hostname is transmitted in the initial ClientHello handshake if you're using TLS SNI, which approximately translates to "not on Windows XP or an OS of that vintage." Even without that, though, your administrator can

  • likely sniff your DNS requests
  • correlate those requests and their responses to the IPs you're contacting.

Everything else, including the path, is transmitted in the HTTP request once the encrypted link is established. In theory, there's no way for this to be man-in-the-middled; in practice, entities as diverse as SSL-stripping hackers and the NSA have demonstrated occasional capability to perform these attacks, but the likelihood of one happening inside a company network is relatively rare.

Licensed under: CC-BY-SA with attribution