I googled it quickly on your behalf

I'm not familiar with iPhone internals, but given the way everything else of theirs is designed, I cannot find that there is a central dashboard for enforcing this.

That said, many apps that use OAuth (Facebook, twitter) will be running over TLS1.x, and many more will pop up a notification badge saying "server identity could not be verified, continue?" with a yes/no choice. Apple has (allegedly) installed most root certs from trusted certification authorities, so if the app or service is "secure," the app that calls that API should be as well.

That said, if you're being proxied (so, basically any enterprise hotspot ever), you could still be man-in-the-middled.

What are you specifically worried about?