The details are here: http://hackaday.com/2009/07/29/black-hat-2009-breaking-ssl-with-null-characters/
One recommendation per post please.
Use Firefox 3.5, which is apparently [1] not vulnerable.
(In the end, all SSL clients will need to be updated to ignore null characters when checking that the host name of the certificate matches.)
[1] According to this article on The Register (final paragraph).
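The client-side fix mentioned above, as an added example that is not part of the original posts or any particular SSL library: a host-name check that treats the certificate name as a C string stops at the first null byte, while a check that uses the decoded length and rejects embedded nulls does not. The struct, function names and sample names are hypothetical, the sample data is constructed, and wildcard matching is left out.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Certificate name as an ASN.1 decoder yields it: bytes plus explicit length.
 * Assumption: the buffer also has a trailing NUL, as C string literals do. */
struct cert_name { const unsigned char *data; size_t len; };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed check: ignores cn->len and reads the name as a C string,
 * so everything after the first NUL is silently dropped. */
int match_naive(const struct cert_name *cn, const char *host)
{
    const char *s = (const char *)cn->data;
    return strlen(s) == strlen(host) && eq_nocase(cn->data, host, strlen(host));
}

/* Hardened check: a NUL inside the name is never valid in a DNS name,
 * so reject it, then compare over the full declared length. */
int match_strict(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == hlen && eq_nocase(cn->data, host, hlen);
}

/* Constructed sample names, not taken from any real certificate. */
static const unsigned char BAD[]  = "www.example.com\0.attacker.test";
static const unsigned char GOOD[] = "www.example.com";
const struct cert_name bad_name  = { BAD,  sizeof(BAD)  - 1 };
const struct cert_name good_name = { GOOD, sizeof(GOOD) - 1 };

int main(void)
{
    printf("naive  accepts NUL name: %d\n", match_naive(&bad_name, "www.example.com"));
    printf("strict accepts NUL name: %d\n", match_strict(&bad_name, "www.example.com"));
    printf("strict accepts clean name: %d\n", match_strict(&good_name, "www.example.com"));
    return 0;
}
```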
This is not really a solution and more of a discussion kick-off.
It can be mitigated by reducing the reliance on SSL. What I mean is that we should not rely on SSL only and assume that all SSL connections are secure. The hack essentially allows MITM attacks to go undetected by the user.
Maybe, the way to work around it is by avoiding any transmission of sensitive information through the connection.
E.g.:
Instead of transmitting login passwords through SSL, have the password hashed at the client with some sort of salt issued by a challenge, and then transmit that through SSL. Also, using some sort of OTP generator, like some banks use, is a good idea.