`ssl3_send_client_key_exchange` is the function the client uses in OpenSSL to determine the key. It also sends one "part" of the key material, called the pre_master, to the server. Both the client and the server generate the final symmetric key from the pre_master passed by the peer and from another part of the data that they calculate themselves. The random numbers in the Hello messages are also required during generation, so the generated key is not the same every time. Because the DH share in the SSL protocol comes from the certificate, and the certificate is static, a random factor has to be introduced to make sure that the keys negotiated from the key share derived from the static certificate are random. This is also the purpose of the pre_master: randomness. For the RSA key exchange algorithm, the pre-master key is itself a random number, and the random numbers in the Hello messages are added to it; the three random numbers are turned into a symmetric key by a key derivation function. For DH, including ECDH (but excluding anonymous DH and ephemeral DH), the only random factors are the two random numbers in the Hello messages.
The pre-master secret exists because the SSL protocol does not fully trust each host to generate a truly random number. If the random number is not random, the pre-master secret may be guessed, so it is not appropriate to use the pre-master secret alone as the key. A new random factor must therefore be introduced: a key generated from the client random, the server random and the pre-master secret, three random numbers in total, is not easy to guess. A single pseudo-random value may not be random at all, but three pseudo-random values together are very close to random. Each additional degree of freedom increases the randomness by more than one.
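The following added example (not OpenSSL's code) shows the derivation both paragraphs describe: the pre-master secret and the two Hello randoms go into one key derivation function, so a static DH pre-master still produces a different key in each handshake. It assumes the TLS 1.2 PRF from RFC 5246 (HMAC-SHA256), since the page does not name a protocol version; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """PRF(pre_master, "master secret", client_random + server_random), 48 bytes."""
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)


def rsa_pre_master(version: bytes = b"\x03\x03") -> bytes:
    """RSA key exchange: the client picks the pre-master itself (2 version bytes + 46 random)."""
    return version + os.urandom(46)


def demo() -> dict:
    # Constructed stand-in for a static-DH shared secret: it is identical in
    # every handshake because both DH shares come from fixed certificates.
    static_dh_pre_master = bytes(range(32))
    sessions = []
    for _ in range(2):
        client_random, server_random = os.urandom(32), os.urandom(32)
        # Client and server each compute this independently from the same inputs.
        client_view = master_secret(static_dh_pre_master, client_random, server_random)
        server_view = master_secret(static_dh_pre_master, client_random, server_random)
        sessions.append((client_view, server_view))
    return {
        "peers_agree": all(c == s for c, s in sessions),
        "static_dh_keys_differ": sessions[0][0] != sessions[1][0],
        "rsa_pre_master_len": len(rsa_pre_master()),
    }


if __name__ == "__main__":
    print(demo())
```

In the static DH case only the two Hello randoms vary between handshakes, while in the RSA case the 46 random bytes of the pre-master give the third random input.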