As Serverless now can be configured to use server side encryption for a pre existing deployment bucket, can we use the same for this plugin?

The plugin uploads the alias CF templates to the same bucket as SLS does for the base artifacts and templates. I did not test the feature yet. Can you try it and check if there are any issues with the alias uploads?
If there are any, the upload function within the alias plugin should be adapted accordingly to match the semantics found in the latest Serverless framework version.

As far as I can tell the plugin does not respect the serverSideEncryption setting. So if I set deploymentBucket->serverSideEncryption to f.e. aws:kms and configure the pre-existing bucket to deny unencrypted files, the initial template will be uploaded successfully while the alias template will fail with Access Denied.

Ok. Then this is a missing feature and the upload of the alias templates should be changed to match the semantics now used in the core framework, i.e. to support the serverSideEncryption setting.

@sbkn The feature is ready (available in the PR). Although I have still to adapt the unit tests to get the coverage up again, you can already test it. and merged to master. Please leave a feedback here, if it works as expected now.