Are all URL's encrypted when using SSL(https) encryption? I would like to know because I want all URL data to be hidden when using SSL(https).
If SSL gives you total URL encryption then I don't have to worry about hiding confidential information form URLs.
Yes, the SSL connection is between the TCP layer and the HTTP layer. The browser and webserver first establish a secure encrypted TCP connection (via the SSL/TLS protocol) and then the browser will send the HTTP request (either GET or POST) over that encrypted TCP connection.
Entire request and response is encrypted, including URL.
Note that when you use HTTP Proxy, then proxy knows address of target server, but doesn't know requested path on this server. (i.e. request and response is always encrypted)
I'm going to take a leap here and assume you mean the "GET" portion of the https request.
In that case, yes and no. The server address portion of the URL is obviously not encrypted since it is used to set up the connection.
Everything else is encrypted in an HTTPS connection. But if you are using GET instead of POST then the user will still be able to cut and paste the URL out of the location bar, and you will probably not want to put confidential information in there that can be seen by anyone looking at the screen.
All that said, you should be careful of your terminology. To quote a famous swashbuckler: You keep using that word (URL) I do not think it means what you think it means....
As the other answers have already pointed out, https "URLs" are indeed encrypted. However, your DNS request/response when resolving the domain name is probably not, and of course, if you were using a browser, your URLs might be recorded too.
Yes.
This question was asked on Google Answers in 2006 and was answered in detail: