
What would happen if the random bytes provided by the client and the server in the first two messages were reused by one peer or by both peers?

I think it would highly reduce the provided security, like for example if you use a nonce multiple times, but I am not quite sure.

Does using the same random bytes multiple times lead to a less secure TLS connection? If so, why, and what would happen?

TheDoctor

1 Answer


If the server uses the same server_random in the 'server hello' message, then this could enable an attacker to launch a replay attack. See SSL replay attack when client/server random is missing for more info.

mti2935
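To see why the hello randoms matter, here is an added example (not part of the answer above) that derives TLS 1.2 session keys with the RFC 5246 PRF from a constructed premaster secret and hello randoms, as with RSA key exchange. When the server repeats its server_random for a replayed client handshake, both handshakes derive byte-for-byte identical traffic keys; a fresh server_random makes them differ, which is what defeats the replay.

```python
import hashlib
import hmac


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # next P_hash block
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: PRF(pre_master_secret, "master secret", client_random + server_random)[:48]."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """RFC 5246 section 6.3: PRF(master_secret, "key expansion", server_random + client_random)."""
    return tls12_prf(master, b"key expansion", server_random + client_random, length)


# Constructed sample values, not from a real handshake: a 48-byte premaster secret as
# RSA key exchange would produce, and 32-byte ClientHello/ServerHello randoms.
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM_A = b"\x22" * 32
SERVER_RANDOM_B = b"\x33" * 32

# 40 bytes covers AES_128_GCM: two 16-byte keys plus two 4-byte implicit nonces (RFC 5288).
KEY_BLOCK_LEN = 40


def same_traffic_keys(pre_master: bytes, client_random: bytes,
                      server_random_1: bytes, server_random_2: bytes) -> bool:
    """True if two handshakes sharing premaster and client_random derive identical traffic keys."""
    ms1 = master_secret(pre_master, client_random, server_random_1)
    ms2 = master_secret(pre_master, client_random, server_random_2)
    kb1 = key_block(ms1, client_random, server_random_1, KEY_BLOCK_LEN)
    kb2 = key_block(ms2, client_random, server_random_2, KEY_BLOCK_LEN)
    return hmac.compare_digest(kb1, kb2)


def demo() -> tuple:
    """(keys equal when server_random is reused, keys equal when server_random is fresh)."""
    reused = same_traffic_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_A, SERVER_RANDOM_A)
    fresh = same_traffic_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM_A, SERVER_RANDOM_B)
    return reused, fresh
```

A replayed client handshake carries the same premaster and client_random, so only the server's contribution can change the keys; with a reused server_random nothing in the derivation changes.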