When you use a secure (HTTPS) connection, after the handshake completes, absolutely everything that is exchanged between the client and server is encrypted. That includes the command (GET, POST, HEAD, etc.) and the username/password credentials which are passed to the server as part of the request header block.

Now, if you look at the raw data stream, what you will probably see is the remote host name amongst a bunch of other "junk" right at the beginning of the connection. This is the server's SSL certificate which is being provided to the client, and the common name (CN) for the ceritificate will be the fully qualified domain name for the host. That said, it's not "secret" information (domain names are public), nor could anything in the certificate be used to expose the system.

As far as I know, SSL3 and TLS1 sessions (which are by far the most common) have never been compromised as long as a reasonable key length has been used (e.g.: 128 bit or higher). Sites which use 56 bit key encryption can be brute forced, but that's an issue with the key size, not the protocol itself.

I must have been mistaken then.
I seen the whole request with ?params&.. stuff.

Guess it must have been a left-over from another log.

I have SSL requests with the password in the url (not ours), so i was a bit afraid.