[buzzkills]

https encrypts the host header (indeed all the http headers), so yes it does encrypt the domain in that respect. What it can't encrypt is the destination IP address, which would be reverse looked up to the domain if everything was configured right in the DNS.

[knome]

This is no longer true.

Seeing as HTTPS sites could not previously share an IP address, making it obvious which site communications with any given IP address was directed towards, an extension was developed that now sends the desired host unencrypted before the encrypted package.

This doesn't yield any more information that could previously be derived, but does allow you to serve as many HTTPS sites from a single host as you wish.

http://en.wikipedia.org/wiki/Server_Name_Indication

[buzzkills]

I stand corrected and I've learnt something :)

[mfenniak]

Most https clients support server name indication (http://en.wikipedia.org/wiki/Server_Name_Indication), which effectively allows the "Host" header content to be presented before a server-side certificate is chosen (and therefore before the session is encrypted), to supported name-based virtual hosting.