The SSL (or TLS) protocol encrypts information exchanged between the server and the browser (or between servers) when an SSL certificate is installed on the server and a browser connects to it. The specifics are more sophisticated, but the basic idea is this.
When combined with TCP, SSL provides an additional layer of security. With this method, the upper protocol layers can continue operating normally while still benefiting from a safe and sound link. This means that the protocol layers beneath SSL can operate as expected.
When an SSL certificate is properly implemented, an attacker will only be able to determine which IP address and port are in use, as well as a ballpark estimate of the total data transfer. The server and the user will be able to detect if the connection is terminated by an outside entity. But they won’t be able to snoop on any communications, so it’s a moot point.
It’s possible for the hacker to determine the user’s host name, but not the rest of the URL. Since the data transfer is encrypted, sensitive information is safe.
