Yes, any value in a GET statement or POST data (e.g. ?user=ANYTHING) is encrypted once the SSL/TLS sessions are negotiated.
During a TLS connection, the first thing that happens is a "Client Hello" message that begins negotiating the encryption ciphers/hashing ciphers to establish a connection. On some browsers, the hostname is sent using the SNI protocol prior to establishing the session. Also, if using an explicit HTTP proxy (configured by browser settings, group policy), the plain hostname is submitted via a CONNECT statement transmitted in plaintext. However, it's only the hostname that is sent in the most verbose scenario, never the page being requested or POST data.
After the session is negotiated, the traditional HTTP GET command is then issued. This command is sent over a TLS session, so the data is encrypted and not vulnerable to easy eavesdropping.
You can take a look here for a bit more detail.