The main purpose of the random nonces in the SSL handshake is to protect from playback attacks during connection.
• In the connection play back attack (playback attack), an attacker sniffs all the message transactions between a sender and receiver, and tires to connect receiver on some other time using the same sniffed messages.
• These types of attacks can’t be avoided by using only sequence numbers. Therefore, a nonce is used in SSL handshake to avoid playback attacks.
• If the nonces are used during the connection, the attacker’s messages will failed to pass integrity check.
• If the same nuance is used for each connection, the attacker can sniffs the messages, nonce and can send the same messages to receiver as the original sender. To avoid this problem, random nonces are used in SSL handshake. That is, a nonce used for one connection, is never reused for another connection.
Thus, the random nonces are used in the SSL handshake to prevent the “play back attack” connection.
If you found this answer helpful, please upvote and share with other students in your network.