If a site is secured via SSL, can a network sniffer still read the URLs being requested?

Can URLs be sniffed even though a client communicates with a server over SSL? I'm asking because I'm doing remote login & redirect to a physically different server via URL, and wondered if securing the communication via SSL would prevent replay attacks and the like.

Solution

The sniffer will know the IP (and probably hostname) of the server you're requesting from, and the timing/quantity of information transferred, but nothing else.

Yes, replay (and man in the middle) attacks are prevented by SSL if you don't trust a compromised root certificate.

Disable Weak Cipher suites for Google Cloud Run custom domain?
How can I set the Secure flag on an ASP.NET Session Cookie?
Log displays TLSv1 instead of SSLv3
Android SSLSocket#getInputstream() throws HandshakeException on earlier versions of Android 6.0
How to detect SSL pinning is being done in the app?
Testing SSL with multiple SSL-Enabled Websites in IIS
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error
If a site is secured via SSL, can a network sniffer still read the URLs being requested?