Hello,
Is bro capable of decrypting SSL/TLS flows if I provide it a private key
for the flow?
No. Here is the last thread that discussed this back in 2015 - http://mailman.icsi.berkeley.edu/pipermail/bro/2015-June/008568.html However, some people were able to successfully extend Bro to do this but none of these implementations was released.