The hybrid wrapper communicates in the same way as your browser with the server. The connection is secured with TLS 1.2 and is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
(At least that's what my browser is currently doing, there's some SSL negotiation going on so your own connection might be encrypted and authenticated using slightly a slightly different key exchange mechanism)