This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.
...Exchanging random numbers that are encrypted with the server's (or
client's) public key would seem to be an adequate way of getting the
secret bits across. Why have DH as well?
Anonymous DH key exchange doesn't require the use of certificates.
Ephemeral DH allows you to use signing-only certificates, and it
protects the session from future compromise of the server's private
key. Another advantage of DH is that the patent expired in 1997.