If the server receives an allocate request for a super-session that hasn't 
previously sent a nonce, it always returns 401, even if the request contains a 
message-integrity attribute.

Following the steps of RFC 5389 section 10.2.2., and assuming that "unknown 
nonce" should be handled the same as "expired nonce", it should return 438 in 
this case instead.

What steps will reproduce the problem?
1. Send an ALLOCATE request containing a valid username and realm, and with 
message-integrity correctly calculated for the username's password, but with a 
nonce that the server doesn't accept for this allocation.  (It could come from 
a different allocation, for instance, if the client is assuming nonces can be 
shared across allocations; or the server could have crashed and restarted.)

What is the expected output? What do you see instead?

I expect a 438 response; the server instead sends 401.

What version of the product are you using? On what operating system?

turnserver-3.2.2.7 on Ubuntu 12.04

Please provide any additional information below.

See the tram mailing list thread starting at 
<http://www.ietf.org/mail-archive/web/tram/current/msg00248.html>.

Will be fixed in 3.2.2.8