diff --git a/CHANGES b/CHANGES
index 98f3034437..add558f878 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
 
+2.6-242 | 2019-04-22 22:43:09 +0200
+
+  * update SSL consts from TLS 1.3 (Johanna Amann)
+
 2.6-241 | 2019-04-22 12:38:06 -0700
 
   * Add 'g' character to conn.log history field to flag content gaps (Vern Paxson, Corelight)
diff --git a/VERSION b/VERSION
index cc71b4548f..39cb43fbe0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-241
+2.6-242
diff --git a/doc b/doc
index 8e741019c2..38f6edaf27 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit 8e741019c26015066b1e59c224de3ae6b20ff76f
+Subproject commit 38f6edaf273401eef51cf754010f144be6398066
diff --git a/scripts/base/protocols/ssl/consts.zeek b/scripts/base/protocols/ssl/consts.zeek
index aaac5aab84..dc4f72674b 100644
--- a/scripts/base/protocols/ssl/consts.zeek
+++ b/scripts/base/protocols/ssl/consts.zeek
@@ -78,6 +78,7 @@ export {
 		[4] = "sha256",
 		[5] = "sha384",
 		[6] = "sha512",
+		[8] = "Intrinsic",
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
 	## Mapping between numeric codes and human readable strings for signature
@@ -87,6 +88,16 @@ export {
 		[1] = "rsa",
 		[2] = "dsa",
 		[3] = "ecdsa",
+		[4] = "rsa_pss_sha256",
+		[5] = "rsa_pss_sha384",
+		[6] = "rsa_pss_sha512",
+		[7] = "ed25519",
+		[8] = "ed448",
+		[9] = "rsa_pss_sha256",
+		[10] = "rsa_pss_sha384",
+		[11] = "rsa_pss_sha512",
+		[64] = "gostr34102012_256",
+		[65] = "gostr34102012_256",
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 
 	## Mapping between numeric codes and human readable strings for alert
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout
index d5ab2cf618..7347ea650f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout
@@ -33,9 +33,9 @@ signature_algorithm, 192.168.6.240, 139.162.123.134
 sha256, ecdsa
 sha384, ecdsa
 sha512, ecdsa
-unknown-8, unknown-4
-unknown-8, unknown-5
-unknown-8, unknown-6
+Intrinsic, rsa_pss_sha256
+Intrinsic, rsa_pss_sha384
+Intrinsic, rsa_pss_sha512
 sha256, rsa
 sha384, rsa
 sha512, rsa
@@ -66,9 +66,9 @@ signature_algorithm, 192.168.6.240, 139.162.123.134
 sha256, ecdsa
 sha384, ecdsa
 sha512, ecdsa
-unknown-8, unknown-4
-unknown-8, unknown-5
-unknown-8, unknown-6
+Intrinsic, rsa_pss_sha256
+Intrinsic, rsa_pss_sha384
+Intrinsic, rsa_pss_sha512
 sha256, rsa
 sha384, rsa
 sha512, rsa