tls – Why can’t a TLS 1.2 server use the certificate’s private key to encrypt ‘server finished’, and send it after ‘server hello’?

The Server Finished message does not contain anything relevant. It’s merely a test/validation to ensure the Server has generated proper Session Keys.

By encrypting a hash of the transcript of the handshake and sending it to the Client, the Client is able to validate that the Server has the correct Session Keys, and that both the Client and Server “saw” the same handshake records.

The Client does the same in the opposite direction with the Client Finished.

If you changed this mechanism, you’d need to add another mechanism to validate the Server has the proper session keys.

And, having the Server encrypt its Certificate record to the Client would only serve one purpose: Proves the Server has the matching Private Key… but that is already proven because the Server signs its Server Key Exchange record.

So in the end, your suggestion would take away a necessary step, and add an unnecessary step.
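To make the answer's point concrete, the following is an added example (not the answerer's code, and not a TLS library) of how the TLS 1.2 Finished check is computed per RFC 5246: the `verify_data` is the PRF of the master secret, the label, and a hash of every handshake message seen so far. The master secret and the handshake records are constructed placeholder bytes; in a real session the Finished message is also wrapped in an encrypted record under the negotiated keys, which this example omits so that the transcript-binding step stands out. The `demo_*` functions show why a tampered transcript or a wrong master secret is caught.

```python
import hashlib
import hmac

VERIFY_DATA_LEN = 12  # default verify_data length in TLS 1.2 (RFC 5246 section 7.4.9)


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 data-expansion function (RFC 5246 section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def verify_data(master_secret: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """verify_data = PRF(master_secret, finished_label, Hash(handshake_messages))[0:12]."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return prf(master_secret, label, transcript_hash, VERIFY_DATA_LEN)


def check_finished(master_secret: bytes, label: bytes,
                   own_transcript: bytes, received: bytes) -> bool:
    """Recompute verify_data over the transcript *this* side saw and compare in constant time."""
    expected = verify_data(master_secret, label, own_transcript)
    return hmac.compare_digest(expected, received)


# --- Constructed sample values (placeholders, not captured from a real session) ---
MASTER_SECRET = bytes(range(48))  # TLS 1.2 master secrets are 48 bytes
HANDSHAKE_AS_SENT = b"".join([
    b"ClientHello:TLS1.2:suites=ECDHE-RSA-AES128-GCM-SHA256;",
    b"ServerHello:TLS1.2:suite=ECDHE-RSA-AES128-GCM-SHA256;",
    b"Certificate:<server cert bytes>;",
    b"ServerKeyExchange:<signed ECDHE params>;",
    b"ServerHelloDone;ClientKeyExchange:<client ECDHE point>;",
])
# A transcript in which one record was altered on the wire (e.g. a downgraded version field).
HANDSHAKE_AS_TAMPERED = HANDSHAKE_AS_SENT.replace(b"ServerHello:TLS1.2", b"ServerHello:TLS1.0")
assert HANDSHAKE_AS_TAMPERED != HANDSHAKE_AS_SENT


def demo_honest() -> bool:
    """Both peers saw the same records and hold the same master secret: Finished verifies."""
    server_finished = verify_data(MASTER_SECRET, b"server finished", HANDSHAKE_AS_SENT)
    return check_finished(MASTER_SECRET, b"server finished", HANDSHAKE_AS_SENT, server_finished)


def demo_tampered_transcript() -> bool:
    """The client saw a modified ServerHello: its transcript hash differs, so Finished fails."""
    server_finished = verify_data(MASTER_SECRET, b"server finished", HANDSHAKE_AS_SENT)
    return check_finished(MASTER_SECRET, b"server finished", HANDSHAKE_AS_TAMPERED, server_finished)


def demo_wrong_master_secret() -> bool:
    """A server that did not derive the right keys produces verify_data the client rejects."""
    wrong_secret = bytes(48)
    server_finished = verify_data(wrong_secret, b"server finished", HANDSHAKE_AS_SENT)
    return check_finished(MASTER_SECRET, b"server finished", HANDSHAKE_AS_SENT, server_finished)


if __name__ == "__main__":
    print("honest handshake verifies:", demo_honest())
    print("tampered transcript verifies:", demo_tampered_transcript())
    print("wrong master secret verifies:", demo_wrong_master_secret())
```

The Client Finished is the same computation with the label `b"client finished"` and a transcript that additionally includes the Server Finished message. Note that nothing here involves the certificate's private key: proof of key possession comes from the signature over ServerKeyExchange, while Finished binds the session keys to the transcript, which is exactly why the two steps are not interchangeable.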