TLS 1.3 Handshake Infographic in Star Network Layout

Tech architecture infographic titled "TLS Handshake" using archetype PROTOCOL HANDSHAKE, designed for a senior engineer audience. Show a star network layout composition with the central handshake sequence as the hub and supporting systems arranged around it. Create a technically accurate TLS 1.3 handshake diagram with labeled boxes connected by directional arrows. Main boxes: "Browser Client" with browser icon and role description "Initiates HTTPS connection and validates server identity"; "DNS Resolver" with network node icon and role description "Resolves domain name to server IP address"; "Web Server / API Endpoint" with server rack icon and role description "Terminates TLS and serves HTTPS responses"; "Certificate Authority" with certificate badge icon and role description "Issues and signs X.509 server certificates"; optional side boxes for context only: "Session Cache" with cache icon and role description "Stores session tickets for resumption", "Application Service" with API gear icon and role description "Processes business logic after TLS is established", "Database" with database cylinder icon and role description "Stores application data after secure transport is ready", "Message Queue" with queue stack icon and role description "Carries async jobs after request handling". Use arrows with precise protocol labels: Browser Client to DNS Resolver labeled "DNS query A / AAAA"; DNS Resolver to Browser Client labeled "IP address response"; Browser Client to Web Server / API Endpoint labeled "TCP 3-way handshake: SYN" then "SYN-ACK" then "ACK" as numbered exchanges before TLS; Browser Client to Web Server / API Endpoint labeled "TLS 1.3 ClientHello + SNI + ALPN + supported cipher suites + key share"; Web Server / API Endpoint to Browser Client labeled "ServerHello + selected cipher suite + key share"; Web Server / API Endpoint to Browser Client labeled "EncryptedExtensions"; Web Server / API Endpoint to Browser Client labeled "Certificate"; Web Server / API Endpoint to Browser Client labeled "CertificateVerify"; Web Server / API Endpoint to Browser Client labeled "Finished"; Browser Client to Web Server / API Endpoint labeled "Finished"; Browser Client to Web Server / API Endpoint labeled "HTTPS GET / over TLS"; Web Server / API Endpoint to Browser Client labeled "HTTP/1.1 200 OK or HTTP/2 response over TLS". Add optional resumption path from Session Cache to Browser Client and Web Server labeled "PSK / session ticket resumption". If contextual backend boxes are shown, connect Web Server / API Endpoint to Application Service labeled "decrypted HTTPS request"; Application Service to Database labeled "SQL query / row fetch"; Application Service to Message Queue labeled "async event"; Application Service back to Web Server / API Endpoint labeled "response payload". Each box must include an icon, canonical English name, and one-line English role description. Add a numbered legend 1-7 in English: 1. "Client resolves server hostname via DNS." 2. "Client opens TCP connection to the server IP." 3. "ClientHello proposes TLS version, cipher suites, ALPN, and key share." 4. "ServerHello selects parameters and sends certificate-based authentication messages." 5. "Client validates the X.509 certificate chain and verifies Finished messages." 6. "Handshake traffic keys become application traffic keys; encrypted HTTPS can now flow." 7. "Optional session ticket enables faster future TLS resumption." Include subtle engineer-friendly notes such as "TLS protects data in transit, not application correctness" and "Illustrative protocol flow, not an audited security architecture" in small caption style. Visual style: retro 1980s computing, blueprint cyan palette, dark navy background with cyan line art, phosphor-glow accents, grid paper texture, terminal-inspired typography, neon wireframe nodes, crisp geometric arrows, editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Overall mood: technical, nostalgic, precise, high-signal, schematic. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).