1

Possible Duplicate:
With HTTPS, are the URL and the request headers protected as the request body is?

When establishing a https connection, an ssl handshake takes place and secret key and the encryption algorithm are shared. Then the data sent is encrypted and cannot be subject ot man in the middle attack or eaves dropping.
My question is what type of data is encrypted. Are the url parameters sent in a get request also encrypted. I am asking this because, they are not included in the body. And are all the attributes that are set in the request headers encrypted?

Community
  • 1
  • 1
Ashwin
  • 12,691
  • 31
  • 118
  • 190

1 Answers1

4

Yes, they are. Absolutely everything is encrypted.

James M
  • 18,506
  • 3
  • 48
  • 56
  • 1
    +1. The only thing an outsider could see is the IP address of the target (but not the host name, for example, which makes name-based virtual hosting and SSL a bit incompatible). He could not even tell if this is a GET request or not. – Thilo Mar 26 '12 at 12:52
  • 1
    @Thilo, regarding the host name, it's a bit more subtle that that, see [this](http://superuser.com/a/377241/42341) and [this](http://stackoverflow.com/a/8858241/372643). – Bruno Mar 26 '12 at 13:37
  • 2
    The outsider can also see the port number ... – user207421 Mar 26 '12 at 21:47
  • @James McLaughlin : What is the difference betwen channel encryption and data encryption? SSL Encrypts the data also when we send it right? – Ashwin Mar 27 '12 at 11:12
  • @Thilo Exactly that's the reason why you need dedicated IP for name-based virtual hosting with SSL ;-) – laika Sep 09 '13 at 13:48