Key logs can be written by NSS so that external programs can decrypt TLS connections. Wireshark 1.6.0 and above can use these log files to decrypt packets. You can specify the key file path via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.
Key logging is enabled by setting the environment variable
SSLKEYLOGFILE <FILE> to point to a file. This file is a series of lines. Comment lines begin with a sharp character ('#'). Otherwise the line takes one of these formats.
RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded pre master secret>
CLIENT_RANDOM <space> <64 bytes of hex encoded
client_random> <space> <96 bytes of hex encoded master secret>
RSA form allows ciphersuites using RSA key-agreement to be logged and is supported in shipping versions of Wireshark. The
CLIENT_RANDOM format allows other key-agreement algorithms to be logged but older versions of Wireshark do not support it.