It's not session resumption that is the problem - even when TLS sessions are resumed, new connections still generate new keys. Rather, it's new requests on the same HTTPS connection (HTTP keepalive). The problematic predictable IV is at the start of each HTTPS record within a single connection.
