Discussion:
can't get decryption with pre-master secret log to work.
sean wang
2014-05-18 17:12:05 UTC
Hello,

I've been trying to decrypt the SSL traffic on Chrome using the pre-master secret log method. Here is what I did:
OS X, downloaded the latest Chrome dev version.
Defined SSLKEYLOGFILE as an env variable.
Made sure my Wireshark (1.10.7) is a GnuTLS build.
In Wireshark, configured the SSL config to point to the exact file, and also made sure the file can be read by anyone (chmod 777).
Loaded my page and started capturing.

I can see that:
1. there is content in the keylog file, there are many roles, all like : CLIENT_RANDOM fdf7092065550a275290721dd44565cd77e................
2. there was handshake steps at the beginning
3. there is data flow in ssl
4. tried to 'decode' the packages data as 'ssl'
tried to log ssl message, what I see is:
......trying to use SSL keylog in /Users/swang/keylog
checking keylog line: # SSL/TLS secrets log file, generated by NSS
line does not match
(saw many like such, based on the log lines in the keylog file dumped by the Chrome dev version)
cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello can't find cipher suite 0xC02B
record: offset = 99, reported_length_remaining = 1249
need_desegmentation: offset = 99, reported_length_remaining = 1249


Any suggestions how/what I should look into in the ssl log to get the root cause?

thanks,
sean wang
2014-05-19 07:00:36 UTC
Some updates: I tried the latest dev version, 1.11.3, and had some progress.
Well, I am now able to see some content in the ssllog, decoded, but:
1. it doesn't seem to be full, I only saw the client to server traffic get partially decoded, not server to client data.
2. this is just in the ssl debug log. I still don't see it in the main trace.


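A small checker for the kind of key log file discussed in this thread, added here as an example and not taken from the thread or from Wireshark: it validates each line against the NSS key log line shapes (`CLIENT_RANDOM <64 hex> <96 hex>` and `RSA <16 hex> <96 hex>`) and looks a session up by the ClientHello random, which is the lookup behind a "cannot find master secret" message. The function names and the sample file contents are constructed for illustration.

```python
import re

HEX = "[0-9a-fA-F]"
# Line shapes of the NSS key log format: label, lookup key, 48-byte secret.
SHAPES = {
    "CLIENT_RANDOM": re.compile(rf"CLIENT_RANDOM ({HEX}{{64}}) ({HEX}{{96}})"),
    "RSA": re.compile(rf"RSA ({HEX}{{16}}) ({HEX}{{96}})"),
}

def check_keylog(text):
    """Return (entries, problems) for the contents of a key log file."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # comments such as the NSS header line carry no secret
        label = line.split(" ", 1)[0]
        shape = SHAPES.get(label)
        if shape is None:
            problems.append((lineno, f"unknown label {label!r}"))
            continue
        m = shape.fullmatch(line)
        if m is None:
            # Wrong field count, wrong hex length, or trailing characters.
            problems.append((lineno, f"malformed {label} line"))
            continue
        entries[(label, m.group(1).lower())] = m.group(2).lower()
    return entries, problems

def master_secret_for(entries, client_random_hex):
    """Look up a session by its ClientHello random (32 bytes as hex)."""
    return entries.get(("CLIENT_RANDOM", client_random_hex.lower()))

# Constructed sample: one valid line, one truncated secret, one unknown label.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_RANDOM " + "ef" * 32 + " " + "01" * 40,
    "CLIENT-RANDOM " + "12" * 32 + " " + "34" * 48,
])

if __name__ == "__main__":
    entries, problems = check_keylog(SAMPLE)
    for lineno, why in problems:
        print(f"line {lineno}: {why}")
    print("found" if master_secret_for(entries, "AB" * 32) else "missing")
```

The client random to pass to `master_secret_for` is the Random field of the ClientHello in the capture; a session whose random is absent from the file cannot be matched to a secret.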