How does SSLstrip work?
You should watch Moxie Marlinspike's talk Defeating SSL using SSLStrip. In short SSLStrip is a type of MITM attack that forces a victim's browser into communicating with an adversary in plain-text over HTTP, and the adversary proxies the modified content from an HTTPS server. To do this, SSLStrip is "stripping" https://
URLs and turning them into http://
URLs.
HSTS is a proposed solution to this problem.
Talking about possible solutions: The only truly reliable way to prevent/detect SSL stripping is using always-encrypted communication & side-channel authentication of the TLS (basically use the TLS key exchange, but replace PKI/certificate based authentication with user or device based authentication). This means in practice that after an key exchange the server and the user end up with certain shared secrets or keys. Client and server then use a discrete authentication channel (eg. using SSH or other methods of strong asymmetric authentication) and authenticate both their identities and the TLS keys. If the keys are the same, you have a certainty of 100% end-to-end encrypted channel.
If there is a man-in-the-middle, he could do 2 attack vectors:
MITM could terminate TLS communication with the server at his point and let user communicate via HTTP. This causes no alerts in traditional TLS/HSTS. However, this will be discovered by the side-channel authentication, because the server and the client have different TLS keys (key 1 and no-key).
MITM could use a forged or stolen certificate. This might or might not trigger an alert, depending on the used certificate (it might be increasingly easy thanks to Let's Encrypt initiative). This attack would again be discovered by the side-channel authenticated TLS, because the server would have different key than the client (server has key1, MITM has key1 to the server, MITM has key2 to the client, client has key2).
This kills the SSL certificates as a bonus and it would also work with with CDNs Please note that this solution is not immune to backdoors to encryption.