Despite the names of SSL_get_client_random() and SSL_get_server_random(), they
ARE NOT random number generators. Instead, they return the mostly-random values that
-were already generated and used in the TLS protoccol. Using them
+were already generated and used in the TLS protocol. Using them
in place of RAND_bytes() would be grossly foolish.
The security of your TLS session depends on keeping the master key secret: