Well, if you're
really interested in the details, have a look at
RFC 2069 and
RFC 2617, which define how Basic and Digest authentication works.
SSL has no impact on authentication, because the authentication information is part of the HTTP headers, which are not encrypted by SSL. Yes, the digested password is known if the transmission is intercepted, and could be used for a playback attack. But the password is still secret.