TLS Handshake Tech Infographic | network diagram for hospital management system

Tech architecture infographic titled "TLS Handshake" using archetype PROTOCOL HANDSHAKE for a senior engineer audience. Show a dark-mode developer visual with dark mode neon palette, editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Create a precise numbered protocol diagram with labeled boxes connected by directional arrows. Main components: Client Browser, Recursive DNS Resolver, Web Server / API Endpoint, Certificate Authority (supporting trust context), optional Load Balancer / Reverse Proxy as TLS terminator, and optional Session Cache. Do not include database, cache, or queue unless explicitly shown as optional non-primary context, because TLS handshake is primarily client-to-server. Each box must include an icon, a canonical English name, and a one-line English role description. Example box labels: "Client Browser — Initiates TCP and TLS connection", "Recursive DNS Resolver — Resolves hostname to IP address", "Web Server / API Endpoint — Presents certificate and negotiates TLS session", "Certificate Authority — Issues and signs server certificate", "Session Cache — Stores resumable session parameters". Show arrows with short English labels describing what crosses. Use technically accurate flow for modern TLS 1.3, with optional note for TLS 1.2 legacy path if visually separated. Main numbered exchanges: 1) Client Browser to DNS Resolver: "A/AAAA query"; 2) Client Browser to Web Server: "TCP SYN" then "SYN-ACK" then "ACK"; 3) Client Browser to Web Server: "ClientHello: TLS version, cipher suites, SNI, ALPN, key share"; 4) Web Server to Client Browser: "ServerHello + selected cipher + key share"; 5) Web Server to Client Browser: "EncryptedExtensions"; 6) Web Server to Client Browser: "Certificate + CertificateVerify"; 7) Web Server to Client Browser: "Finished"; 8) Client Browser validates certificate chain against trusted CA roots: "Signature, hostname, validity, trust chain"; 9) Client Browser to Web Server: "Finished"; 10) Secure application data begins: "HTTPS request" and return arrow "HTTP 200 + encrypted application data". If session resumption is illustrated, add a secondary dashed path: "PSK / session ticket resumption". Include a small side note box: "TLS protects data in transit after handshake; not an audited reference architecture". Add a numbered legend (1-7) walking through the lifecycle in English: 1. Resolve server hostname to IP. 2. Establish TCP transport with 3-way handshake. 3. ClientHello proposes TLS parameters and key share. 4. ServerHello selects parameters and returns its key share. 5. Server authenticates with certificate chain and proof of private key possession. 6. Both sides derive shared traffic secrets and exchange Finished messages. 7. Encrypted HTTPS application traffic starts; optional session resumption may reduce round trips later. Use glowing neon cyan, violet, magenta, and lime accents on a charcoal background, subtle grid, crisp arrows, layered panels, high contrast labels, precise protocol-callout chips, and restrained engineering aesthetics. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).