This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.
It hasn't been truly "disavowed", but weaknesses have been
discovered such that some people believe that an alternative should
be found. These weaknesses were found by Dr. Hans Dobbertin
<firstname.lastname@example.org> of the German Information Security Agency
in a paper called "Cryptanalysis of MD5 Compress" dated May 2, 1996.
A postscript version of the paper is at
SSL uses MD5 in combination with SHA for all negotiation. It also
uses MD5 alone in most negotiated cipher suites. However, in these
cases it is used with the HMAC construction, which strengthens it
such that there are no known problems with this construction.
It has been proposed with TLS to start phasing out all use of MD5.