I understand (on a simple level) the key exchange etc that happens in SSL handshake but what I need to know is that if I called in a GET e.g. https://www.mybank.com?username=fred&password=abcd1234
Would the username and password actually be encrpted and 'safe' en route or would they be visible on the way as they get sent before the handshake. Or does the browser make the connection and handshake first to the www.mybank.com
url then make another call with the complete URL?