0

I already know that a replay attack on an SSL handshake is ineffective, but if we suppose that an "intruder" has listened and has got all of the information from a previous handshake, how will the server recognise the attack?

This is for SSL with RSA one-way and for SSL with RSA one-way: verification on phase 2.

Could you please give advice?

schroeder

1 Answer

4

The SSL handshake includes random data from both client and server. While the attacker might replay the ClientHello, which includes only the random data from the client, he cannot complete the full handshake by just replaying previously captured data, since the messages needed for completion also depend on the server-side random data, which will change with each new handshake.

Steffen Ullrich
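The dependency described in the answer above, as an added example that is not part of the original post: a small model of an RSA key-exchange handshake in which the server checks the client's Finished value against its own fresh random. Assumptions: the TLS 1.2 PRF (RFC 5246) stands in for the SSL key derivation, RSA decryption is replaced by a lookup table, the handshake transcript is reduced to three messages, the Finished value is compared unencrypted, and all names (`Server`, `honest_handshake`, `replay`) are hypothetical.

```python
import hashlib
import hmac
import os

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5), P_SHA256 variant."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def verify_data(pms, client_random, server_random, ckx):
    """Client Finished value; the transcript is reduced to three messages."""
    master = prf(pms, b"master secret", client_random + server_random, 48)
    transcript = hashlib.sha256(client_random + server_random + ckx).digest()
    return prf(master, b"client finished", transcript, 12)

class Server:
    def __init__(self):
        self.rsa_decrypt = {}  # ciphertext -> pre-master secret (stand-in for RSA)

    def hello(self):
        self.server_random = os.urandom(32)  # fresh for every handshake
        return self.server_random

    def accept(self, client_random, ckx, finished):
        pms = self.rsa_decrypt[ckx]
        expected = verify_data(pms, client_random, self.server_random, ckx)
        return hmac.compare_digest(expected, finished)

def honest_handshake(server):
    """Run one genuine handshake; return (accepted, messages seen on the wire)."""
    client_random, pms, ckx = os.urandom(32), os.urandom(48), os.urandom(256)
    server.rsa_decrypt[ckx] = pms  # models encrypting pms to the server's public key
    server_random = server.hello()
    finished = verify_data(pms, client_random, server_random, ckx)
    return server.accept(client_random, ckx, finished), (client_random, ckx, finished)

def replay(server, captured):
    """Replay captured client messages verbatim into a new handshake."""
    server.hello()  # server picks a new random; the recorded Finished is now stale
    return server.accept(*captured)

if __name__ == "__main__":
    srv = Server()
    ok, wire = honest_handshake(srv)
    print("honest handshake accepted:", ok)
    print("replayed handshake accepted:", replay(srv, wire))
```

The replayed ClientKeyExchange still decrypts to the same pre-master secret, but the master secret and the transcript hash both include the new server random, so the recorded Finished value no longer matches what the server computes.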