Servers with different certificates and parameters can sit on the same port, distinguished by SNI or by ALPN. We should make it possible to select the Context based on negotiation (which is tricky, as the negotiation itself depends on the Context). It should be possible to lazy load certificates to reduce startup time and memory usage for servers with many sites. Dynamic loading and unloading could be part of the same mechanism as the Context selection mentioned above.
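One way the selection and lazy loading described above can fit together, shown with Python's standard `ssl` module as an added example (not this project's API or code). `LazyContextStore`, `allowlist_loader` and `make_sni_callback` are hypothetical names, and the hostnames and file paths are constructed.

```python
import ssl
from collections import OrderedDict

class LazyContextStore:
    """Per-hostname contexts, built on first use, least recently used evicted."""
    def __init__(self, loader, max_loaded=2):
        self._loader = loader        # assumed callable: hostname -> context or None
        self._max = max_loaded
        self._loaded = OrderedDict()

    def get(self, hostname):
        name = hostname.lower().rstrip(".")   # SNI names are case-insensitive
        if name in self._loaded:
            self._loaded.move_to_end(name)    # mark as recently used
            return self._loaded[name]
        ctx = self._loader(name)
        if ctx is not None:
            self._loaded[name] = ctx
            while len(self._loaded) > self._max:
                self._loaded.popitem(last=False)   # unload the coldest site
        return ctx

    def loaded_names(self):
        return list(self._loaded)

def allowlist_loader(sites):
    """sites: {hostname: (certfile, keyfile)}; paths never derive from the SNI string."""
    def load(name):
        paths = sites.get(name)
        if paths is None:
            return None
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(*paths)
        return ctx
    return load

def make_sni_callback(store):
    """The bootstrap context only parses the ClientHello; this swaps in the real one."""
    def on_sni(ssl_obj, server_name, bootstrap_ctx):
        if server_name is None:
            return None                        # no SNI sent: stay on the bootstrap context
        ctx = store.get(server_name)
        if ctx is None:
            return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
        ssl_obj.context = ctx
        return None
    return on_sni

# Wiring (constructed hostnames and paths):
# bootstrap = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# bootstrap.sni_callback = make_sni_callback(LazyContextStore(
#     allowlist_loader({"a.example": ("a.pem", "a.key")})))
```

Evicting a context from the store does not disturb connections already using it, since each socket keeps its own reference to the context it was handed.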
Truncated HMAC is only supported on the server side. It has,
however, been mentioned on the IETF TLS mailing list that there
are security issues with truncated HMAC, so this is lacking
only for completeness.