Hi,
I was under impression that if RSA key exchange is used - so no Forward Secrecy or Perfect Forward Secrecy involved then master secret is always the same, generated by both sides using shared pre-master secret. That is reason to use FS or PFS.
That is as well info in all great videos about PFS posted on your site (John, thanks again).
So knowing pre-master should be enough to decrypt resumed session - of course if pre-master was captured when full SSL handshake was performed for that session.
All the logic for session resumption (at least my understanding) is to not go through new master secret generation and use master secret that is still in both client and server memory (identified by Session ID).
So it seems some limitation of Wireshark, which refuses to use pre-master configured if it can't see full SSL handshake, maybe because it can't connect configured pre-master with resumed session because of not being aware that Session ID send by client to use resume is the one for which configured pre-master should be used?
If above is true then it's quite a problem, but probably one that can be overcome - but not using Wireshark?
Piotr