No mitigation is required. Part of the data signed by the server certificate in the handshake is the entire ClientHello message. If a MitM attacker did a downgrade, they would have to change the ClientHello, and then the client would notice that what the server signed does not match what they sent.
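The check described above, as an added example that is not part of the original answer: a simplified Go model in which the server signs a hash of the transcript it saw and the client verifies that signature against the ClientHello it actually sent. The message strings are constructed and are not the TLS wire format; Ed25519 and all function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// transcriptHash hashes ClientHello followed by ServerHello (simplified model).
// Each message is length-prefixed so the message boundary is unambiguous.
func transcriptHash(clientHello, serverHello string) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d:%s%d:%s", len(clientHello), clientHello, len(serverHello), serverHello)))
	return sum[:]
}

// serverRespond picks a version from the ClientHello it received and signs the
// transcript as it saw it, using the private key that matches its certificate.
func serverRespond(priv ed25519.PrivateKey, receivedHello string) (string, []byte) {
	serverHello := "selected=TLS1.2"
	if strings.Contains(receivedHello, "TLS1.3") {
		serverHello = "selected=TLS1.3"
	}
	return serverHello, ed25519.Sign(priv, transcriptHash(receivedHello, serverHello))
}

// clientVerify recomputes the transcript from the ClientHello the client sent.
func clientVerify(pub ed25519.PublicKey, sentHello, serverHello string, sig []byte) bool {
	return ed25519.Verify(pub, transcriptHash(sentHello, serverHello), sig)
}

// handshake runs one exchange; tamper models what an on-path party does to the ClientHello.
func handshake(tamper func(string) string) (string, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sent := "versions=TLS1.3,TLS1.2" // constructed sample ClientHello
	serverHello, sig := serverRespond(priv, tamper(sent))
	return serverHello, clientVerify(pub, sent, serverHello, sig)
}

func main() {
	_, ok := handshake(func(s string) string { return s })
	fmt.Println("untouched ClientHello accepted:", ok)
	sh, ok := handshake(func(s string) string { return strings.Replace(s, "TLS1.3,", "", 1) })
	fmt.Println("ClientHello altered in transit,", sh, "accepted:", ok)
}
```

The second run shows the server selecting the lower version from the altered ClientHello while the client rejects the signature, because the transcript it hashes still contains the ClientHello it originally sent.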