If I have a domain: https://somedomain.example
with a valid SSL certificate do I have to take any other precautions to encrypt data between clients and my server, or is my only concern now to protect data on the server via some AES encryption in my MySQL database.
Essentially, do I leave all of the security between client and server down to SSL, is that how Facebook and Google do it for instance?